
If the same hard or soft RSA SecurID token were used across security domains, would this introduce any additional cryptographic weakness?

For example, if I had to access two secure customer networks, could I use the same hardware token as an additional factor without adding weakness?

  • Welcome to [security.se]. I edited the tags to better reflect the question's contents. Fun fact: while "RSA Security" was founded by the same people who invented the RSA crypto algorithm, the RSA SecurID has nothing to do with the algorithm "RSA" - which is what is usually meant when people talk about RSA. –  Apr 23 '20 at 11:21

1 Answer

The SecurID token comes with a fixed built-in secret which is only provisioned to the owner's identity server. You cannot authenticate to others with it. And if you could, the admin of the second server could spoof your token on the first.

The only option you would have is to have the server for both realms operated by a trusted third party, like many of the SSO/login providers.

Sidenote: if you look for other tokens which could be used in such a scenario, TOTP tokens can be re-programmed/seeded. The only problem is that I haven't found any which allow selecting between more than one seed. But for TOTP soft-tokens (apps) this is widely used.

eckes
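An added example (not part of the answer above, and not vendor code) showing in Python why a shared-secret OTP token is bound to one verifier: whoever holds the seed can mint valid codes, so a second realm provisioned with the same seed could log in to the first as you. RFC 6238 TOTP stands in for SecurID's proprietary algorithm; the seed is the RFC 6238 test-vector seed and the realm names are made up.

```python
import hmac
import hashlib
import struct


def hotp(seed: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 8) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(seed, unix_time // step, digits)


class Verifier:
    """An identity server holding the seed provisioned for one token (hypothetical)."""

    def __init__(self, name: str, seed: bytes) -> None:
        self.name = name
        self.seed = seed

    def verify(self, code: str, unix_time: int, window: int = 1) -> bool:
        """Accept the code if it matches the current or an adjacent time step."""
        step = unix_time // 30
        return any(hmac.compare_digest(code, hotp(self.seed, step + d))
                   for d in range(-window, window + 1))


def shared_seed_cross_login(seed: bytes, unix_time: int) -> bool:
    """If realm B is provisioned with the same seed as realm A, B's operator can
    compute a code that A accepts without ever touching the user's token."""
    realm_a = Verifier("customer-A", seed)   # constructed realm names
    realm_b = Verifier("customer-B", seed)
    code_minted_by_b = totp(realm_b.seed, unix_time)  # B needs no token at all
    return realm_a.verify(code_minted_by_b, unix_time)
```

The first assertions in the test reproduce RFC 6238 Appendix B vectors, so the TOTP implementation itself is checked before the cross-realm point is demonstrated.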