[nycbug-talk] token question from meeting...

Okan Demirmen okan
Thu Jan 6 01:15:39 EST 2005

george and i were talking about open source-based token based
systems, and well, since it was also a question last night, i'm

i remember looking into this a while ago, and recall that the API
is open for x9.9, so getting 2 factor auth with an open source
solution seems highly likely. the cost really comes down to management
and the tokens.

i can validate that x9.9 auth works fine with the software token
calculator, x99token(1), and yes, including ssh, at least with

so looking at x9.9 tokens out there, you can buy them individually,
but they can be expensive, ~$350, plus probably some sort of device
to initialize it (one per install-base obviously). i'm sure bulk
may get you better prices.

in the past, i've thought about getting one, or using some sort of
hack for token-based s/key, but never took it anywhere. tonight
sparked my interest once again. so, a long shot here, but does
anyone have any x9.9 tokens sitting around anywhere? i can't mess
with my sole securid card, for it's not really "mine".

if not, i may be interested in a joint project to validate a few
vendor's x9.9 token implementations, if anyone else finds value.
my current clients are on both extremes - either want to pay crap
loads of money for securid, or the other side - barely understand
one factor auth ;) so my immediate needs are personal.


Okan Demirmen <okan at demirmen.com>
PGP-Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB3670934
PGP-Fingerprint: 226D B4AE 78A9 7F4E CD2B 1B44 C281 AF18 B367 0934

More information about the talk mailing list