[LINK] Security tokens

Eric Scheid eric.scheid at ironclad.net.au
Wed Nov 14 19:59:48 AEDT 2007

On 14/11/07 6:53 PM, "David Lochrin" <dlochrin at d2.net.au> wrote:

>  Does the Link Institute know the Principles of Operation?
>  Six decimal digits will encode a string of up to 19+ bits (values 0 to
> 1,048,575).  If each device is designed to deliver a given set of (say) 10,000
> numbers for each customer, then surely there is a 1% chance (10,000/1,048,575)
> that some random number will be valid for any randomly-chosen customer
> regardless of what mathematical magic is incorporated in the token.

I would think that there isn't a static pool of numbers which get popped off
as needed, but rather that the number changes automatically every minute (or
whatever). Think of it as a 6 digit PIN that changes every minute, on the
minute .. the chance that a randomly chosen 6 digit number matches the
current PIN is thus 1/1,000,000, or 0.0001%.

Each token device generates a different sequence of pseudo-random numbers,
but only the bank knows which pseudo-random number appears at a given


More information about the Link mailing list