[VPN] Cryptocard
Joel Snyder
Joel.Snyder at Opus1.COM
Fri Aug 29 22:09:43 EDT 2003
We used Cryptocards for years and years before going to digital
certificates. Cryptocards are, in theory, more secure than SecurID;
they represent a better one-time password which are not susceptible to
certain kinds of man-in-the-middle attacks that SecurID is susceptible
to. Although most folks operate them in "restricted input" mode,
meaning that you don't have to put in the challenge each time, they are
still physically more fragile because of the keypad; the RSA tokens
don't have it (or, really, they don't need it) which makes them fairly
robust.
Cryptocards are much more cost-effective than the RSA tokens; you don't
have to keep buying them and rebuying them every year---you can change
the batteries without losing the programming. Every once in a while I
pull my Cryptocard out of the desk for some system which only supports
that, and so after about 7 years, it has turned out to be a lot cheaper
than SecurID. CryptoCard also doesn't require you to run a proprietary
server, which means that it's often more cost effective.
More directly to your question: our failure rate/loss
rate/drop-in-the-toilet rate for the Cryptocards was roughly the same as
others report from SecurID. If you really want to get your cost and
loss rate down, go to a digital certificate approach. The Rainbow
people started it with their iKey about 3 years ago, but now we see
cheap tokens coming out of China for less than $25 each, which seems
like a gonga deal for something that has a seriously better security
model than the RSA OR the CryptoCard does.
jms
Rudi Pierquin wrote:
> Hi,
>
> I am wandering if some people on this forum have
> already tried a product called Cryptocard as an
> authentication scheme. I tried it, and it works pretty
> well, but i want to know if somebody can tell me about
> experience with this product in a production
> environment. This could help me to evaluate it against
> other products like RSA or Vasco in terms of
> reliability.
>
> Many thanks !
>
> Rudi
>
> ___________________________________________________________
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
More information about the VPN
mailing list