[EAS] ALERT: EAS Device passwords

[Alex Hartman]

The token system worked well actually. RSA still uses it today (random
passwords with fobs that have a 10-digit code cycling on them, in sync
with the server). The real down side of this method requires human
interaction, and might not work well for stations that are 100%
automated or running in unattended operations.

There are other methods of "shared-key" based systems that could be
automated however, and even be done in hardware in a low-level form
where even a break-in wouldn't get you very far in grabbing the key
pair. Of course this would raise the cost of everything as those chips
are not cheap and very closely monitored. On the other hand, it's very
easy to find anyone abusing the system because the individual chips
leave a "digital fingerprint".

--
Alex Hartman