Unfortunately, GOOZE is stopping the release of OATH tokens.
GOOZE keeps a limited stock of OATH tokens to replace broken tokens during garantee time.
We will also continue to answer support requests from our clients.
OATH tokens rely on a secret, called "seed", which allows to replay passwords when needed, as explained in our OATH guide. For example, to replay the first 10 passwords of a TOTP OATH token with secret seed 4DFA5F4FEF099FDB3A158348C928BEBB35E4222D, type:
Now, some explanations about GOOZE reasons for stopping the release of OATH tokens.
We believe that the security perimeter of an OATH token is too large:
- Chip, firmware and casing (each token has a single seed).
- Authentication server (seeds are copied on each authentication server). If authentication server is compromised, all seeds are compromised.
- Factory during initialization (seeds are generated and transfered to token). If factory is compromised, all seeds are compromised.
- Storing of seeds (seeds should be stored before sending to client). If seed store is compromised, all seeds are compromised.
- Delivery of seeds at client place (seeds are received by client and stored). If some spying system of Internet captures the seeds, all seeds are compromised.
- Seed destruction: we make sure to use secure erase and from time to time a physical destructor for disk. There is no possible compromission with disk destruction, but it is very expensive ... and the disk can be stolen before destruction. We have to destroy it ourselves and/or watch destruction.
All this makes it hard to keep seeds secure and secret around the security perimeter.
We also believe that seeds are kept in the factory where OATH tokens are built, in China.
This makes at least 6 security perimeters to secure and GOOZE does not have control over those.
Therefore, GOOZE prefers to stop releasing OATH tokens completely.
We will also contact each OATH token user to explain that seeds are kept in China.
To quote Bruce Schneier, in Applied Cryptography, ISBN 0471597562:
"If I take a letter, lock it in a safe, and hide this safe somewhere in New York ... and then tell you to read the letter, that's not security. That's obscurity."
Now, a little bit of history:
In the 1960s and 1970s, banks used to send secure passwords all over the world. This did cost a lot of money, as the secrets were kept in secure suitaces carried by humans taking planes in 1st class. Then came assymetric cryptography, which enabled to send secrets using a public key without displaying the secret key. GOOZE does not want to implement some modern "suitcase" delivery of OATH seeds, which would take us back in the 1960s and lower security levels. In the first place, we though about implementing a faraday cage, but this will not work either. As GOOZE is a responsible company, we prefer to get off the market of OATH. We also want to tell our clients that OATH is not secure and that smartcards and cryptography are more secure, when they undergo strict testing.
Being honest with our clients does not bring any advantages for us, as OATH was a big part of our turnover and GOOZE future is uncertain. But we prefer to live poor and honestly than pretend that some security device are secure. In reality, OATH tokens should always be used as a PIN code in combination with a strong password. But if we consider the poor protection of OATH, it is really like using only password.
An OATH device is not a real security device.
Now, some more history:
After World War 2, the United-Kindom captured all Enigma devices and shipped it to its dominions. At that time, nobody was aware that the Enigma code had been broken during the war. This enabled the United-Kingdom to read encrypted messages from the Common Wealth. Of course, with OATH, we are not on the same level. But we should remind that the weak link of crytography is the belief that some device or cryptographic algorithm is strong when it is actually very weak.
In cryptography, most weaknesses are either secret perimeter or human belief. In the case of OATH, we are worried that GOOZE customers might believe that OATH is STRONG when it is actually WEAK. This kind of human misunderstanding is the reason why we are actually stopping releasing OATH tokens.