It's unlikely they'll do anything, as the one that Blizzard uses works differently. It's just a time-sensitive generated number code, not a communications cypher.
If they get *physical* access to the token generator, they have compromised it because at that point all they need to do is write down the serial # on the back of it and they have the key.
The code generation code is well known for the authenticator that is used by blizzard. Given a devices serial # and a reasonably accurate idea of what time it is, generate a key to hand to the server to prove whom you are.
The whole point of the blizzard authenticator is to require a physical object, in this case the authenticator, to prove whom you are. Nothing more, nothing less. The RSA device serves a completely different purpose.
The real problem is that given physical access to a security device, you are not *guaranteed* of it's security anymore.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2012-06-28 12:11 pm (UTC)(no subject)
Date: 2012-06-28 06:50 pm (UTC)(no subject)
Date: 2012-06-28 07:43 pm (UTC)The code generation code is well known for the authenticator that is used by blizzard. Given a devices serial # and a reasonably accurate idea of what time it is, generate a key to hand to the server to prove whom you are.
The whole point of the blizzard authenticator is to require a physical object, in this case the authenticator, to prove whom you are. Nothing more, nothing less. The RSA device serves a completely different purpose.
The real problem is that given physical access to a security device, you are not *guaranteed* of it's security anymore.