how to use rsa RSA SecurID with Linux?
Clash Royale CLAN TAG#URR8PPP
I have just found an old RSA SecurID token, model SD600, at the back of a drawer. I only have the token - no documentation or pin numbers (long forgotten) or anything else.
Is it possible to make use of this with Linux without having anything except for the token ?
I have found stoken and installed it on my Arch Linux system. I tried to set that up using the 8-digit number on the back of the token but I get an error:
$ stoken import --token=12345678
error: --token string is garbled: General failure
I notice the token also has an date printed on it of 2010 so it is quite old.
Should this work, has the token expired or am I doing something wrong?
security
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
add a comment |
I have just found an old RSA SecurID token, model SD600, at the back of a drawer. I only have the token - no documentation or pin numbers (long forgotten) or anything else.
Is it possible to make use of this with Linux without having anything except for the token ?
I have found stoken and installed it on my Arch Linux system. I tried to set that up using the 8-digit number on the back of the token but I get an error:
$ stoken import --token=12345678
error: --token string is garbled: General failure
I notice the token also has an date printed on it of 2010 so it is quite old.
Should this work, has the token expired or am I doing something wrong?
security
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49
add a comment |
I have just found an old RSA SecurID token, model SD600, at the back of a drawer. I only have the token - no documentation or pin numbers (long forgotten) or anything else.
Is it possible to make use of this with Linux without having anything except for the token ?
I have found stoken and installed it on my Arch Linux system. I tried to set that up using the 8-digit number on the back of the token but I get an error:
$ stoken import --token=12345678
error: --token string is garbled: General failure
I notice the token also has an date printed on it of 2010 so it is quite old.
Should this work, has the token expired or am I doing something wrong?
security
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
I have just found an old RSA SecurID token, model SD600, at the back of a drawer. I only have the token - no documentation or pin numbers (long forgotten) or anything else.
Is it possible to make use of this with Linux without having anything except for the token ?
I have found stoken and installed it on my Arch Linux system. I tried to set that up using the 8-digit number on the back of the token but I get an error:
$ stoken import --token=12345678
error: --token string is garbled: General failure
I notice the token also has an date printed on it of 2010 so it is quite old.
Should this work, has the token expired or am I doing something wrong?
security
security
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
asked Jun 20 '17 at 16:29
starfrystarfry
3,17312749
3,17312749
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49
add a comment |
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49
add a comment |
1 Answer
1
active
oldest
votes
The point of this kind of token is that they contain a secret value, and calculate and display a series of values from this secret value such that the only way to predict what the token will display is to actually make the token display it. It's impossible to reconstruct the secret value from the displayed values.
For the token to be useful, a server somewhere has to have a copy of the secret value. The server makes the same calculation as the token (from the secret value, and either a counter or the time). The server requires the user to enter the value that should be currently displayed on the token, which proves that the user has the token in their possession.
If you don't know what the secret value, the token is useless. And the token is designed to keep the value secret, so if you haven't saved it from somewhere, you aren't going to be able to extract it from the token.
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f372277%2fhow-to-use-rsa-rsa-securid-with-linux%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The point of this kind of token is that they contain a secret value, and calculate and display a series of values from this secret value such that the only way to predict what the token will display is to actually make the token display it. It's impossible to reconstruct the secret value from the displayed values.
For the token to be useful, a server somewhere has to have a copy of the secret value. The server makes the same calculation as the token (from the secret value, and either a counter or the time). The server requires the user to enter the value that should be currently displayed on the token, which proves that the user has the token in their possession.
If you don't know what the secret value, the token is useless. And the token is designed to keep the value secret, so if you haven't saved it from somewhere, you aren't going to be able to extract it from the token.
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
add a comment |
The point of this kind of token is that they contain a secret value, and calculate and display a series of values from this secret value such that the only way to predict what the token will display is to actually make the token display it. It's impossible to reconstruct the secret value from the displayed values.
For the token to be useful, a server somewhere has to have a copy of the secret value. The server makes the same calculation as the token (from the secret value, and either a counter or the time). The server requires the user to enter the value that should be currently displayed on the token, which proves that the user has the token in their possession.
If you don't know what the secret value, the token is useless. And the token is designed to keep the value secret, so if you haven't saved it from somewhere, you aren't going to be able to extract it from the token.
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
add a comment |
The point of this kind of token is that they contain a secret value, and calculate and display a series of values from this secret value such that the only way to predict what the token will display is to actually make the token display it. It's impossible to reconstruct the secret value from the displayed values.
For the token to be useful, a server somewhere has to have a copy of the secret value. The server makes the same calculation as the token (from the secret value, and either a counter or the time). The server requires the user to enter the value that should be currently displayed on the token, which proves that the user has the token in their possession.
If you don't know what the secret value, the token is useless. And the token is designed to keep the value secret, so if you haven't saved it from somewhere, you aren't going to be able to extract it from the token.
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
The point of this kind of token is that they contain a secret value, and calculate and display a series of values from this secret value such that the only way to predict what the token will display is to actually make the token display it. It's impossible to reconstruct the secret value from the displayed values.
For the token to be useful, a server somewhere has to have a copy of the secret value. The server makes the same calculation as the token (from the secret value, and either a counter or the time). The server requires the user to enter the value that should be currently displayed on the token, which proves that the user has the token in their possession.
If you don't know what the secret value, the token is useless. And the token is designed to keep the value secret, so if you haven't saved it from somewhere, you aren't going to be able to extract it from the token.
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
answered Jun 23 '17 at 2:54
GillesGilles
535k12810821599
535k12810821599
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f372277%2fhow-to-use-rsa-rsa-securid-with-linux%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
The ones I used to use also had a custom prefix (or suffix?) that was user-generated that had to be used in addition to the ever-changing code on the screen, so I'm going to go with "it's useless".
– Jeff Schaller
Jun 20 '17 at 23:49