Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services that supports among other authentication methods one-time password. The one-time passwords are generated by the authenticating user via a hardware or software token device from the users PIN number and a Token Key stored in the device. During authentication, a user-generated one-time password, or tokencode, is sent to the authentication server and the user is authenticated if the tokencode was generated from a valid PIN and Token Key. In this sort of authentication system, the security of the shard secret (the user's PIN) is critical. Secure Computing's e.iD Authenticator for Palm is a software token device for the SafeWord system that runs on the Palm Pilot. e.iD Authenticator for Palm uses a palm database (PDB) file called "sceiddb.pdb"...
Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services that supports among other authentication methods one-time password. The one-time passwords are generated by the authenticating user via a hardware or software token device from the users PIN number and a Token Key stored in the device. During authentication, a user-generated one-time password, or tokencode, is sent to the authentication server and the user is authenticated if the tokencode was generated from a valid PIN and Token Key. In this sort of authentication system, the security of the shard secret (the user's PIN) is critical. Secure Computing's e.iD Authenticator for Palm is a software token device for the SafeWord system that runs on the Palm Pilot. e.iD Authenticator for Palm uses a palm database (PDB) file called "sceiddb.pdb" containing an encrypted version of the user's PIN as well as the Token Key. The encrypted version of the user's PIN is used when the user attempts to change his PIN. Before the PIN can be changed the user must enter their current PIN. The entered PIN is encrypted and compared to the encrypted PIN. If they don't match the device will display a warning and refuse to change the PIN. PINs are from 2 to 8 digits in length. The encrypted PIN is always 16 bytes. The encrypted PIN is found starting at address 0x7A to address 0x89 in the "sceiddb.pdb" file. As Palm Pilot and related devices are considered general purpose platforms and are not tamper-resistant devices there exist likely scenarios in which an attacker may obtain access to the "sceiddb.pdb" file. An attacker with access to the "sceiddb.pdb" file can obtain the user's PIN by encrypting every possible 8 digit PINs and comparing them with the encrypted PIN in the "sceiddb.pdb" file. > @Stake has calculated the time required to obtain different length PIN numbers using a Pentium III 450MHz: PIN Length Time to calculate PIN 2 0.023 seconds 3 0.23 seconds 4 2.3 seconds 5 23.3 seconds 6 3.8 minutes 7 38.8 minutes 8 6.48 hours Once a user's PIN has been obtained an attacker can generate a valid tokencode if he can determine the most recent tokencode used by the user to authenticate to the SafeWord system. Scenarios: The are a number of likely scenarios that can allow an attacker to obtain access to the "sceiddb.pdb" file. * If an attacker obtains access to the user's Palm device he can copy via IrDA (infrared), or "beam", the "sceiddb.pdb" file. By default this file does not have the "Beam Lock" protection bit set. This bit tells the PalmOS not to allow the beaming of the file. But the "Beam Lock" protection can be easily disabled. * If an attacker obtains access to a computer the user uses to HotSync or backup his Palm device the attacker may find a copy of the "sceiddb.pdb" file. By default this file is configured not to be backed up. However, some third party utilities may ignore this and back it up, the user may have configured the file to be backed up, or the file may be pending download into the Palm device. The are also a number of likely scenarios that can allow an attacker to obtain the most recent tokencode used by the user to authenticate to the SafeWord system: * The attacker may monitor the network and extract the tokencode from non-encrypted authentication requests (e.g. telnet). * The attacker may obtain access to the machine the user is entering the tokencode in and read the keyboard output. * The attacker may view the tokencode as it is being physically entered by the user ("shoulder surfing").
