Elitist Jerks - View Single Post

Knaughy · 07/02/08, 10:59 PM

I'm really familiar with Vasco products. Really, really, really familiar.

I don't own any stock though. Vasco don't have an employee stock plan. Maybe these things are related, maybe not.

Vasco haven't been allowed to do a press release yet.

I can confirm it is a Vasco Digipass Go-6

Custom branding is an optional feature, most of their big banking customers use this (they have over a thousand banks using these and similar tokens). Pretty much every bank that does two-factor uses Vasco.

Vasco make the Versign VIP tokens, the Ebay tokens, and now the Blizzard tokens (as well and the banking ones).

To answer a few questions and correct a few assumptions.

It isn't made by RSA. RSA have a patent on tokens without a button, that change number every 60 seconds. So Vasco's ones have a button, and change numbers at some interval other than 60 seconds. GG, US patent system... Pretty sure the Blizzard ones change every 36 seconds.

It has a clock inside, the clock drift is synchronised at the server end. Typically, the server allows for a few minutes of drift.

The battery isn't replaceable. For starters, the case is electronically welded shut (so it's waterproof). Even if you can get it open, it erases itself if you removed the battery. Security feature. They last 7 or so years though... you still going to be playing WoW in 2015?

They're not hackable or reverse engineer-able. They use 3DES or AES based on the current time and a random seed value to calculate the OTP code. If you can crack those, you can take over an ATM network. Why bother stealing fake gold if you can steal real money? Also note: 1k banks using Vasco tokens, none hacked. See point re "real money > fake money".

I don't have ANY INFO AT ALL on what Blizzard are paying for them or why they selected Vasco (though I could make some educated guesses). But $6.50 is cheap, I'd GUESS!!! they're running at "cost-recovery". Bendigo Bank sell the same token for AU$20 - almost triple what Blizzard are charging.

Happy to answer any questions (other than commercial ones) - keep it technical.

07/02/08, 10:59 PM	#125 (permalink)
Knaughy Glass Joe Knaughty Blood Elf Paladin <Ajantis> Aman'Thul	I'm really familiar with Vasco products. Really, really, really familiar. I don't own any stock though. Vasco don't have an employee stock plan. Maybe these things are related, maybe not. Vasco haven't been allowed to do a press release yet. I can confirm it is a Vasco Digipass Go-6 Custom branding is an optional feature, most of their big banking customers use this (they have over a thousand banks using these and similar tokens). Pretty much every bank that does two-factor uses Vasco. Vasco make the Versign VIP tokens, the Ebay tokens, and now the Blizzard tokens (as well and the banking ones). To answer a few questions and correct a few assumptions. It isn't made by RSA. RSA have a patent on tokens without a button, that change number every 60 seconds. So Vasco's ones have a button, and change numbers at some interval other than 60 seconds. GG, US patent system... Pretty sure the Blizzard ones change every 36 seconds. It has a clock inside, the clock drift is synchronised at the server end. Typically, the server allows for a few minutes of drift. The battery isn't replaceable. For starters, the case is electronically welded shut (so it's waterproof). Even if you can get it open, it erases itself if you removed the battery. Security feature. They last 7 or so years though... you still going to be playing WoW in 2015? They're not hackable or reverse engineer-able. They use 3DES or AES based on the current time and a random seed value to calculate the OTP code. If you can crack those, you can take over an ATM network. Why bother stealing fake gold if you can steal real money? Also note: 1k banks using Vasco tokens, none hacked. See point re "real money > fake money". I don't have ANY INFO AT ALL on what Blizzard are paying for them or why they selected Vasco (though I could make some educated guesses). But $6.50 is cheap, I'd GUESS!!! they're running at "cost-recovery". Bendigo Bank sell the same token for AU$20 - almost triple what Blizzard are charging. Happy to answer any questions (other than commercial ones) - keep it technical.