当前位置: 文江博客话题详情

RSA 令牌如何工作?

发布于 2024-12-18 20:41:39 字数 65 浏览 1 评论 0原文

我想了解 RSA 令牌 (SecurID) 的工作原理,使用的算法是什么,它与常规 RSA 加密/解密的算法相同吗?

原文

I would like to understand how RSA tokens (SecurID) work, what is the algorithm used there, is it the same algorithm as the regular RSA encryption/decryption ?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

忘东忘西忘不掉你 2024-12-25 20:41:39

引用 Wiki

RSA SecurID 身份验证机制由“令牌”组成——硬件(例如 USB 加密狗)或软件(软令牌)——分配给计算机用户并以固定时间间隔(通常为 60)生成身份验证代码。秒)使用内置时钟和卡的工厂编码随机密钥(称为“种子”。每个令牌的种子都不同,并加载到相应的 RSA SecurID 服务器(RSA 身份验证管理器,以前称为“种子”) ACE/Server)作为购买令牌1

所以,它可能有一些相关的东西 。 RSA 公钥算法。 人们对 SecurID 的真正内部原理知之甚少(隐匿性安全),但有一些分析,例如 初始 securid 分析 以及维基百科 SecurID 页面底部的更多信息

此外,硬件令牌是 <。 a href="http://en.wikipedia.org/wiki/Tamper_resistance" rel="noreferrer">防篡改,因此几乎不可能复制被盗的令牌。

更新:感谢 eyaler,经典 SecurID 中没有任何公钥/私钥;它们基于“共享秘密”,而不是非对称算法。维基百科说,AES-128 的变体用于从密钥(“种子”)生成令牌代码。秘密密钥在工厂被编码成密钥。

Citing on Wiki

The RSA SecurID authentication mechanism consists of a "token" — either hardware (e.g. a USB dongle) or software (a soft token) — which is assigned to a computer user and which generates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the card's factory-encoded random key (known as the "seed". The seed is different for each token, and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased1.

So, it may have something related to the RSA public key algorithm. Little known about real internals of SecurID (security by obscurity), but there are some analysis, e.g. initial securid analysis and more at bottom of SecurID page in wikipedia.

Also, hardware tokens are Tamper resistant so it is almost impossible to duplicate stolen token.

UPDATE: Thanks to eyaler, there are no any public/private keys in classic SecurID; they are based on "shared secret", not on asymmetric algorithm. Wikipedia says, that variant of AES-128 is used to generate token codes from secret key ("seed"). The secret key is encoded into key at factory.

回复 原文
逆流 2024-12-25 20:41:39

您可以在 http://seclists.org/bugtraq/2000/Dec/459

(过于简单的)机制是

hash = <some initial value>
every x seconds do:
   hash = hashfunction(hash + secret_key)
   print hash

You can have a look at how it's really done at http://seclists.org/bugtraq/2000/Dec/459

The (oversimplified) mechanism is

hash = <some initial value>
every x seconds do:
   hash = hashfunction(hash + secret_key)
   print hash
回复 原文
允世 2024-12-25 20:41:39

我可以让您了解暴雪移动身份验证器的工作原理,因为它们的代码 已开源。 (存档)

基本要点是:

  • 使用各种秘密生成哈希
  • ,但还包括自某个开始时间(例如 1/1/1970)以来 30 秒间隔的数量

简而言之伪- 代码是:

String GetCurrentFOBValue()
{
   // Any code is released into the public domain. No attribution required.

   // Calculate the number of intervals since January 1 1970 (in UTC)
   // The Blizzard authenticator rolls over every 30 seconds,
   // so codeInterval is the number of 30 second intervals since January 1 1970.
   // RSA tokens roll over every minute; so your counter can be the number 
   // of 1 minute intervals since January 1, 1970
   // Int64 codeInterval = GetNumberOfIntervals();
   Int64 codeInterval = (DateTime.Now - new DateTime(1970,1,1)).TotalSeconds / 30;

   // Compute the HMAC_SHA1 digest of the code interval, 
   // using some agreed-upon 20-bytes of secret key material.
   // We will generate our 20-bytes of secret key material by
   // using PBKDF2 from a password. 
   // Blizzard's mobile authenticator is given secret key material
   // when it enrolls by fetching it from the web-site.
   Byte[] secret = PBKDF2("Super-secret password that our FOB knows", 20); //20 bytes

   // Compute a message digest of codeInterval using our shared secret key
   Byte[] hmac = HMAC(secret, codeInterval);

   // Pick four bytes out of the hmac array, and convert them into a Int32.
   // Use the last four bits of the digest as an index 
   // to which four bytes we will use to construct our Int32
   int startIndex = hmac[19] & 0x0f;

   Int32 value = Copy(hmac, startIndex, 4).ToUInt32 & 0x7fffffff; 

   // The blizzard authenticator shows 8 digits
   return String.Format("%.8d", value % 100000000);

   // But we could have just as easily returned 6, like RSA FOBs do
   return String.Format("%.6d", value % 1000000);
}

I can give you a sense of how the Blizzard Mobile Authenticators work, since their code has been open-sourced. (archive)

The basic gist is:

  • generate a hash using various secrets
  • but also include the number of 30-second intervals since some starting time (e.g. 1/1/1970)

In brief pseudo-code it is:

String GetCurrentFOBValue()
{
   // Any code is released into the public domain. No attribution required.

   // Calculate the number of intervals since January 1 1970 (in UTC)
   // The Blizzard authenticator rolls over every 30 seconds,
   // so codeInterval is the number of 30 second intervals since January 1 1970.
   // RSA tokens roll over every minute; so your counter can be the number 
   // of 1 minute intervals since January 1, 1970
   // Int64 codeInterval = GetNumberOfIntervals();
   Int64 codeInterval = (DateTime.Now - new DateTime(1970,1,1)).TotalSeconds / 30;

   // Compute the HMAC_SHA1 digest of the code interval, 
   // using some agreed-upon 20-bytes of secret key material.
   // We will generate our 20-bytes of secret key material by
   // using PBKDF2 from a password. 
   // Blizzard's mobile authenticator is given secret key material
   // when it enrolls by fetching it from the web-site.
   Byte[] secret = PBKDF2("Super-secret password that our FOB knows", 20); //20 bytes

   // Compute a message digest of codeInterval using our shared secret key
   Byte[] hmac = HMAC(secret, codeInterval);

   // Pick four bytes out of the hmac array, and convert them into a Int32.
   // Use the last four bits of the digest as an index 
   // to which four bytes we will use to construct our Int32
   int startIndex = hmac[19] & 0x0f;

   Int32 value = Copy(hmac, startIndex, 4).ToUInt32 & 0x7fffffff; 

   // The blizzard authenticator shows 8 digits
   return String.Format("%.8d", value % 100000000);

   // But we could have just as easily returned 6, like RSA FOBs do
   return String.Format("%.6d", value % 1000000);
}
回复 原文
溺渁∝ 2024-12-25 20:41:39

@VolkerK 的回答链接到描述“64位”RSA令牌算法的C代码,该算法本质上使用自定义算法(逆向工程〜2000)。

但是,如果您对更现代的“128 位”令牌(包括无处不在的 SID700 硬件令牌和等效软令牌)使用的算法感兴趣,请查看 stoken,一个开源项目,详细记录了其工作原理; securid_compute_tokencode 是主要入口点。

本质上,该算法的工作原理如下:

  • 根据当前时间和序列号生成密钥
  • 使用 128 位 AES 重复加密秘密/种子
  • 从输出的十进制表示形式中提取数字并添加到 PIN 中以进行良好的测量

这并没有什么不同来自开放标准 TOTP 算法(开放式身份验证倡议的一部分)用于 Google 身份验证器、YubiKey、赛门铁克 VIP 访问 等……只是 MOAR SPESHUL 和EKSTRA SECURITEH 专有!

@VolkerK's answer links to C code that describes the algorithm for "64-bit" RSA tokens, which use an essentially custom algorithm (reversed-engineered ~2000).

However, if you're interested in the algorithm used by the more modern "128-bit" tokens (including the ubiquitous SID700 hardware tokens and equivalent soft-tokens), then have a look at the source code for stoken, an open-source project which thoroughly documents their workings; securid_compute_tokencode is the main entry point.

Essentially, the algorithm works like this:

  • Generate keys from the current time and serial number
  • Repeatedly encrypt the secret/seed with 128-bit AES
  • Extract digits from the decimal representation of the output and add in the PIN for good measure

It's not all that different from the open standard TOTP algorithm (part of the Initiative For Open Authentication) used in Google Authenticator, YubiKey, Symantec VIP access, etc. … just MOAR SPESHUL AND PROPRIETARY for EKSTRA SECURITEH!

回复 原文
口干舌燥 2024-12-25 20:41:39

您可以参考 RFC TOTP:基于时间的一次性密码算法

正如其中明确描述的,RSA 令牌(SecurID)中使用的确切算法是 TOTP(基于时间的一次性密码算法),哈希算法。

在我们使用令牌之前,种子(可能由 AES-128 的变体生成)已经保存在令牌中。

You can refer to the RFC TOTP: Time-Based One-Time Password Algorithm

As clearly described in that, the exact algorithm used in RSA tokens (SecurID) is TOTP(Time-Based One-Time Password Algorithm), a hash algorithm.

The seed(may generated by a variant of AES-128) was already saved in the token before we using it.

回复 原文
~没有更多了~

关于作者

糖果控

暂无简介

文章
评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

睡美人的小仙女

文章 0 评论 0

七七

文章 0 评论 0

囍笑

文章 0 评论 0

盛夏尉蓝

文章 0 评论 0

ゞ花落谁相伴

文章 0 评论 0

Sherlocked

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文