[VPN] Cryptocard

Joel Snyder Joel.Snyder at Opus1.COM
Fri Aug 29 22:09:43 EDT 2003 

We used Cryptocards for years and years before going to digital 
certificates.  Cryptocards are, in theory, more secure than SecurID; 
they represent a better one-time password which are not susceptible to 
certain kinds of man-in-the-middle attacks that SecurID is susceptible 
to.  Although most folks operate them in "restricted input" mode, 
meaning that you don't have to put in the challenge each time, they are 
still physically more fragile because of the keypad; the RSA tokens 
don't have it (or, really, they don't need it) which makes them fairly 
robust.

Cryptocards are much more cost-effective than the RSA tokens; you don't 
have to keep buying them and rebuying them every year---you can change 
the batteries without losing the programming.  Every once in a while I 
pull my Cryptocard out of the desk for some system which only supports 
that, and so after about 7 years, it has turned out to be a lot cheaper 
than SecurID.  CryptoCard also doesn't require you to run a proprietary 
server, which means that it's often more cost effective.

More directly to your question: our failure rate/loss 
rate/drop-in-the-toilet rate for the Cryptocards was roughly the same as 
others report from SecurID.  If you really want to get your cost and 
loss rate down, go to a digital certificate approach.  The Rainbow 
people started it with their iKey about 3 years ago, but now we see 
cheap tokens coming out of China for less than $25 each, which seems 
like a gonga deal for something that has a seriously better security 
model than the RSA OR the CryptoCard does.

jms


Rudi Pierquin wrote:
> Hi,
> 
> I am wandering if some people on this forum have
> already tried a product called Cryptocard as an
> authentication scheme. I tried it, and it works pretty
> well, but i want to know if somebody can tell me about
> experience with this product in a production
> environment. This could help me to evaluate it against
> other products like RSA or Vasco in terms of
> reliability.
> 
> Many thanks !
> 
> Rudi
> 
> ___________________________________________________________
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn


-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms at Opus1.COM    http://www.opus1.com/jms    Opus One

More information about the VPN mailing list