IB - Why Not a USB Security Device

[max401]

Quote from JackR:

Max401:

The Challenge issued by the IB security server is 8 numbers and only numbers - thus, 99,999,999. If you add the 00,000,000 sequence that could also be sent there are 100 million possible challenges.

The Platinum token device is a simple (complex) cryptographic device. You input the challenge and the algorithm combines it with another set of numbers unique (hard-coded) into that device. It produces an 8 digit alpha-numeric response.

By design the response may contain only the numbers 0 through 9 as well as the letters A, C, E, F, H, and P (lowercase and uppercase are treated as being the same by the IB security server).

The alphas can appear anywhere in the string.

If the response was limited to numeric values there would be 100 million possible replies, each unique to a challenge to a specific IB customer. I'll let the more mathematically inclined (and less lazy) compute the actual number of unique replies when factoring in the 6 alpha characters that can appear anywhere (or not at all) in the response. I've actually had one completely alpha response.

Anyway, Quant+ should review the math involved.

Jack

Since he was using alphanumeric as an example, I assumed he was talking about the the first IB password.

 

[HOBO]

QuantPlus,

The formula you have presented: n! / r!(n-r)! is for "Combination without repetition" (where order does not matter and each object can be chosen only once).

To calculate number of possible "responses" use: n^r "Permutation with repetition" (where order matters, and an object can be chosen more than once).

Since SafeWord tokens generate "friendly" hexadecimal characters (0 1 2 3 4 5 6 7 8 9 A H C P E F) only, the number of possible responses is then 16^8 = 4,294,967,296


My token (Platinum II) turns off 60 seconds after pressing the “Entr” key. If I press “Entr” key again, the "response" number stays visible for another 60 seconds.

If pressing the keys is problematic for your disabled friend, why doesn’t he use the card with printed numbers?

 

[petteri]

Quote from max401:

Since he was using alphanumeric as an example, I assumed he was talking about the the first IB password.

With safeword platinum challenge 8 digit numeric (base 10). (99 999 999 combinations).

Response is 8 digit hexadecimal (base 16) (4 294 967 296 combinations).