
How does an RSA key fob keep in synchronization with the RSA server if they are two independent clocks?

Status
Not open for further replies.

steppinthrax

Diamond Member
So no matter how precisely you try to synchronize clocks, they will eventually get out of sync. For example, if the clock is off by a millionth of a second, after one million RSA keys show up on the key fob it will be off by a whole second.

Where is the synchronization?
 
The server will accept codes from the fob within a small range of times (e.g. 1 minute on either side of the time the server expects). When a log-on is successful, the server will perform a type of synchronisation.

When the server gets a code from the fob that isn't exactly right, it keeps a record of how fast or slow the fob is. So, if your fob gives a code that is '1 minute in the future', the server will record that the fob is 1 minute fast, and use that for future comparisons. So, if in 1 month's time, the fob has gained another minute, the server will still accept the code (because it is within 1 minute of expected), and the server will then update its record to show that the fob's clock is 2 minutes ahead.

In fact the RSA servers are more subtle than that. If you log in on day 1 and your fob's clock is bang on, then on day 30 you log in and the fob is 1 minute fast, the server not only records that the fob is 1 minute ahead, but that the fob is gaining at the rate of 1 minute/month. So, if you then go 2 months without logging in, the server will expect the fob to be 3 minutes ahead.
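The offset and drift-rate tracking described in the post above, as an added example that is not part of the original thread and is not RSA's code. The HMAC-based code generator, the 60-second step, the seed and all names are assumptions for illustration; the timeline is the one from the post (in sync, then 1 minute fast after 30 days, then 2 months without a login).

```python
import hashlib
import hmac
import struct

STEP = 60              # seconds each code is valid (assumed value)
WINDOW = 1             # steps accepted either side of the expected fob time
MIN_RATE_SPAN = 86400  # ignore drift-rate samples taken less than a day apart

def code_at(secret: bytes, t: float) -> str:
    """Stand-in code generator (HMAC-SHA1 of the step counter), not RSA's algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", int(t // STEP)), hashlib.sha1).digest()
    return f"{int.from_bytes(mac[-4:], 'big') % 1_000_000:06d}"

class FobRecord:
    """Hypothetical server-side state kept for one fob."""
    def __init__(self, secret: bytes, enrolled_at: float, track_rate: bool = True):
        self.secret, self.track_rate = secret, track_rate
        self.offset = 0.0            # seconds the fob runs ahead of the server
        self.rate = 0.0              # seconds gained per second of server time
        self.last_sync = enrolled_at
        self.last_step = -1          # highest step already accepted (blocks replay)

    def predicted_offset(self, now: float) -> float:
        return self.offset + self.rate * (now - self.last_sync)

    def verify(self, code: str, now: float) -> bool:
        predicted = self.predicted_offset(now)
        for k in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            t = now + predicted + k * STEP
            if int(t // STEP) <= self.last_step:
                continue             # never accept an old or reused step
            if hmac.compare_digest(code_at(self.secret, t), code):
                measured = predicted + k * STEP
                elapsed = now - self.last_sync
                if self.track_rate and elapsed >= MIN_RATE_SPAN:
                    self.rate = (measured - self.offset) / elapsed
                self.offset, self.last_sync, self.last_step = measured, now, int(t // STEP)
                return True
        return False

def replay_thread_scenario(track_rate: bool) -> list:
    """Constructed timeline: logins on day 0, day 30 (+1 min), day 90 (+3 min)."""
    day, t0, secret = 86400, 1_700_000_000, b"constructed-demo-seed"
    rec = FobRecord(secret, t0, track_rate)
    results = []
    for days, fob_ahead in ((0, 0), (30, 60), (90, 180)):
        now = t0 + days * day
        results.append(rec.verify(code_at(secret, now + fob_ahead), now))
    return results
```

With `track_rate=False` the server only remembers the last offset, so the day-90 login falls outside the 1-minute window and fails; with rate tracking it predicts the 3-minute lead and accepts.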
 
Originally posted by: Mark R
The server will accept codes from the fob within a small range of times (e.g. 1 minute on either side of the time the server expects). When a log-on is successful, the server will perform a type of synchronisation.

When the server gets a code from the fob that isn't exactly right, it keeps a record of how fast or slow the fob is. So, if your fob gives a code that is '1 minute in the future', the server will record that the fob is 1 minute fast, and use that for future comparisons. So, if in 1 month's time, the fob has gained another minute, the server will still accept the code (because it is within 1 minute of expected), and the server will then update its record to show that the fob's clock is 2 minutes ahead.

In fact the RSA servers are more subtle than that. If you log in on day 1 and your fob's clock is bang on, then on day 30 you log in and the fob is 1 minute fast, the server not only records that the fob is 1 minute ahead, but that the fob is gaining at the rate of 1 minute/month. So, if you then go 2 months without logging in, the server will expect the fob to be 3 minutes ahead.

Yep, and further there are versions of the keys that can sync their clocks (by a physical connection). For those that don't, the fobs have a set lifetime after which they aren't supposed to be used.
 
Adding... and based on the time, it expects a range of codes. You can unsync it also by pressing an 'on demand' type FOB's button multiple times without trying to sync. I think both RSA and Verisign use a range of 5. IOW, don't let a 5 year old play with your FOB unless you know where your resync site is 😉
 