Which is odd, since I’m guessing this stuff was made outside of the US anyway, meaning we imported the technology and then charging folks to export it back out.

Silly, silly laws.

This particular authenticator doesn’t seem to be time based, from what I read on the web site of the manufacturer. It simply puts out a new pseudoRandom number each time the button is pressed. The keys from RSA and others made by this company are time based

As for crypto use, it could be used for encryption – you use the token as the seed for an algorithm and you’ve just got a 1 time pad crypto system. Dang hard to break.

Ever since the rise of the PC, the whole “banned because it’s cryptographic in nature” has applied to everything from weapons to even descriptions of cryptographic systems.

It does seem silly, to be sure. In general, the entire system around controlling cryptography methods has become extremely lax, so it seems surprising that this would be the cause of such a cost.

More than likely, it’s not on the American side of things. Almost all other countries have tighter control over products/programs/code/etc relating to cryptography than the US does.

However, I do not believe that the Authenticators fulfill the requirement of being considered a true cryptographic device, because they do not actually encrypt data. They do not take one set of data, and perform a transformation using an internally stored algorithym to encrypt it into another form.

Instead, they generate a number based off of a single ’seed’ number as modified by a variable time value in a random number generator. Every computer has the capability to do this.

You cannot reverse engineer the cryptography, because it serves the same functionality as one time use substitution pads. You need the same value at both the generator and user to have a match. You can reverse engineer the process of any Authenticator all you wish; without knowing the seed of the device that is associated with the account you are trying to hack, it does you no good.

Now, that doesn’t mean that they might not just have some ‘cryptography’ label placed on it by an ignorant person in US customs. Ignorant people trying to classify things they don’t understand tend to err on the cautious side, and just ban it anyway.

But I would be seriously surprised to learn that this qualified.

Also, if it were a covered device… why would just paying a higher fee to ship overseas make it okay? I thought the point was to BLOCK transfers of cryptographic electronics, not just make people in foreign countries pay more to get their hands on them. That seems siily.

Again, I’m not saying it’s not possible… just saying it’s silly.

not the 1st time I hear that. What bugs me is that we use those same kind of tokens at work and the IT department says it costs them around 6 $ per unit, and they get their supply from a US based vendor.

I wanted to get one for myself, shipping cost made it so expensive I opted not to buy one.

Heck it would cost less to buy one from the euro store, have it shipped overseas and pay for the exchange rate… no nothing is broken here

This rocks my socks.

/afk buying Authenticator!