Professional Documents
Culture Documents
ds1991 Sa
ds1991 Sa
www.atstake.com
Security Advisory
Executive Summary:
Overview:
Detailed Description:
Example:
D8 F6 57 6C AD DD CF 47 CC 05 0B 5B 9C FC 37 93 ...
03 08 DD C1 18 26 36 CF 75 65 6A D0 0F 03 51 ...
A4 33 51 D2 20 55 32 34 D8 BF B1 29 40 03 ...
A4 33 51 D2 20 55 32 34 D8 BF B1 29 40 ...
45 E0 D3 62 45 F3 33 11 57 4C 42 0C ...
E0 2B 36 F0 6D 44 EC 9F A3 D0 D5 ...
E0 2B 36 F0 6D 44 EC 9F A3 D0 ...
E0 2B 36 F0 6D 44 EC 9F A3 ...
D8 F5 FB 26 4B 46 03 9B CC 2E 68 82 22 F7 F3 2B ...
2) Precomputed response:
D8 F5 FB 26 4B 46 03 9B CC 2E 68 82 22 F7 F3 2B
2F A4 66 49 6B D0 97 96 13 AD 23 F4 21 12 B4 AC
2F 72 17 EE EA 84 A7 B8 FB 56 E7 0F C1 9F 65 40
Temporary Solutions:
Vendor Response:
They have also developed a new part (DS1963S) that uses a SHA based
challenge and response sequence to authenticate a user device. With
this part no secret data is communicated on the data line.
Proof-of-Concept Code:
http://www.atstake.com/research/advisories/2001/ds1991.zip
http://www.ibutton.com/software/tmex/index.html
<--- cut here --->
##
Password: 68 65 6C 6C 6F 20 20 20 [hello ]
Subkey Data:
54 68 69 73 20 69 73 20 [This is ]
74 68 65 20 64 61 74 61 [the data]
20 73 74 6F 72 65 64 20 [ stored ]
69 6E 20 53 65 63 75 72 [in Secur]
65 20 53 75 62 6B 65 79 [e Subkey]
20 61 72 65 61 20 23 31 [ area #1]