SoftToken

From: Sri Gundavelli (sgundave@hotmail.com)
Date: 01/31/02

  • Next message: Nico Kadel-Garcia: "Re: Non-expert's encryption question" 

    From: Sri Gundavelli <sgundave@hotmail.com>
Date: Wed, 30 Jan 2002 21:25:01 -0800

    Can some one point me to the algorithm that a softoken software uses for
    generating one time dynamic passwords ? This particular software is

    "SafeWord SoftToken Version 1.3a" and is pointing to a US Patent
    5,060,263. But, I was not sure if that has the complete algorithm.

    There is a softtoken phrase that is delivered out of band to the end
    user and is initialized at the client. This will enable the user to
    generate passwords to login to the corporate server. My question, will I
    be able to write my client software and generate the same sequence and
    off course given the initialization phrase. In other words is this a
    standard algorithm or some proprietary stuff. Any pointers to software
    implementations ?

    Thanks !
    Sri

    -----------------------------------------------------------------
    After SafeWord SofToken has been installed, it can be invoked by
    clicking on the Enigma Logic SafeWord SofToken icon. SafeWord SofToken
    is generally configured to remember the last user and will automatically
    begin by prompting for that user's PIN. If you are not the previous
    user, you will need to close this window and either select your ID (see
    the User Menu) or add your ID.

    To initialize SafeWord SofToken, you will need either a PIN or an
    Initialization Phrase issued by your security supervisor. The most
    common configuration of SofToken uses the stored key mode. In this mode
    the user is issued an Initialization Phrase and chooses their own PIN.
    If the derived key mode is going to be used only a PIN will be needed.

    Add yourself as a user by clicking on "ADD" under the "Users" menu. You
    will need to enter your ID, a PIN, and possibly an Initialization
    Phrase. The Initialization Phrase must be entered exactly as it was
    given to you (it is case sensitive).

    You will be prompted to enter a PIN. Note that a SofToken PIN may
    consist of letters and special characters as well as digits and numbers
    ("Jaybird$1225" for example). You may select any PIN you like within
    the requirements set by your security supervisor.

    Run your communications program and connect to the computer system
    protected by SafeWord. When you see the SafeWord Security Check and you
    are presented with a request for the Dynamic PassWord and preceded by a
    "Challenge" if it's not a synchronous token.

    Bring up SafeWord SofToken in a second window and select "Password" from
    the main menu. Enter your PIN (if necessary, select the correct user
    from the User menu) and the challenge (you will not get a dialog asking
    for the challenge if a synchronous token is selected or if the challenge
    length is 0) in the next dialog. SafeWord SofToken will calculate and
    display the one-time password after all the information needed has been
    entered.

    Give the correct one-time password to the SafeWord protected computer
    system..