Paper 2003/162

Cryptanalysis of the Alleged SecurID Hash Function

Alex Biryukov, Joseph Lano, and Bart Preneel

Abstract

The SecurID hash function is used for authenticating users to a corporate computer infrastructure. We analyse an alleged implementation of this hash function. The block cipher at the heart of the function can be broken in few milliseconds on a PC with 70 adaptively chosen plaintexts. The 64-bit secret key of 10$\%$ of the cards can be discovered given two months of token outputs and $2^{48}$ analysis steps. A larger fraction of cards can be covered given more observation time.

Note: New attack on the full Alleged SecurID Hash Function.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Updated version of a paper, which will appear in SAC'03 preproceedings
Keywords
alleged SecurIDcryptanalysisinternal collisionvanishing differential
Contact author(s)
abiryuko @ esat kuleuven ac be
History
2003-10-29: last of 3 revisions
2003-08-11: received
See all versions
Short URL
https://ia.cr/2003/162
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/162,
      author = {Alex Biryukov and Joseph Lano and Bart Preneel},
      title = {Cryptanalysis of the Alleged {SecurID} Hash Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/162},
      year = {2003},
      url = {https://eprint.iacr.org/2003/162}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.