Crypt::SecurID - Generate and verify SecurID time hash codes
    use Crypt::SecurID;

    # create a token object tied to a 64-bit hex string key
    $token = Crypt::SecurID->new(hexkey => "0123456789abcdef");

    # equivalently
    $token = Crypt::SecurID->new;
    $token->setKey("0123456789abcdef") || die $token->error;

    # create a token object tied to key in import file w/ serial number
    $token = Crypt::SecurID->new(file => $file, serial => $serial);

    # equivalently
    $token = Crypt::SecurID->new;
    $token->importToken($file, $serial);

    # print a hash code value
    print $token->code(time);

    # equivalently
    print $token->codeNow;

    # verify a hash code value, print drift
    die "Code invalid" unless $token->validate($code, $days_tolerance);
    printf("Code ok, drift = %d minutes\n", $token->drift);

    # export a token to a file
    unless ($token->exportToken($file, $serial)) {
        die $token->error;
    }
Crypt::SecurID is an emulator module for generating and verifying SecurID time-hash codes. Such codes are often useful during identity authentication, especially when the code is generated out-of-band so that the 64-bit secret key is never on any client machine.
Considerable speculation about the weakness of the hash algorithm has been put forth. AFAIK, it is still an open problem to determine how many distinct codes are necessary to recover the secret key.
OTOH, for one-sided authentication models (like SSL), even a weak time hash based on a shared secret may provide a desirable extra layer of security.
This module is provided for purposes of discussion and/or prototyping. If you need a real ACE server, buy one.
John Pliam <pliam@cpan.org> -- C++ wrappers, Perl module.
I. C. Wiener <icwiener@mailru.com>? -- C code.
Mudge, Kingpin, "Initial Cryptanalysis of the RSA SecurID Algorithm", Jan 2001.
http://www.ima.umn.edu/~pliam/lepgen/ The home page for the Low-Entropy Password Generator (LEP-Gen), an open source hardware token for Linux palmtops, which includes a SecurID mode.
This has never been tested against a working card or ACE server, to which I have no access. Furthermore, I tried, but not too hard, to reverse engineer the file format for importToken and exportToken methods from Wiener's code. At this stage, I have no idea how close I got to the real thing.
To install Crypt::SecurID, copy and paste the appropriate command into your terminal.
cpanm
    cpanm Crypt::SecurID
CPAN shell
    perl -MCPAN -e shell
    install Crypt::SecurID