Hitachi ID Password Manager Security Analysis

Hitachi ID Password Manager Security Analysis
© 2014 Hitachi ID Systems, Inc. All rights reserved.

Organizations that either are considering deployment of Password Manager or have already deployed it
need to understand its security implications.
Password Manager impacts authentication processes and standards. This document describes this impact,
and how to ensure that it is a positive change.
Password Manager is also a sensitive part of an organization’s IT infrastructure, and consequently must
be defended by strong security measures. The technology used by Password Manager to protect against
intrusions, as well as best practices to deploy that technology, are described here.
Contents
1 Introduction 1
2 What is Hitachi ID Password Manager? 2
3 Protected Assets 3
4 Deﬁning security violations 4
5 Impact on User Authentication 6
5.1 Password Problem Help Desk Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.2 Password Policy Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.3 Password Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.4 Proﬁle Enrollment Impacts Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
6 Server Defenses 8
6.1 Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.2 Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.3 Hitachi ID Password Manager Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
7 Communication Defenses 14
8 Data protection 17
9 The Secure Kiosk Account 18
9.1 Protected Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
9.2 Existing Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
9.2.1 Workstation Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
9.2.2 Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
i

Password Manager Security Analysis
9.2.3 Network Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
9.3 Net New Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
10 Conclusions 21
© 2014 Hitachi ID Systems, Inc. All rights reserved.

1 Introduction
Organizations that either are considering deployment of Hitachi ID Password Manager or have already
deployed it need to understand its security implications.
Password Manager impacts authentication processes and standards. This document describes this impact,
and how to ensure that it is a positive change.
Password Manager is also a sensitive part of an organization’s IT infrastructure, and consequently must
be defended by strong security measures. The technology used by Password Manager to protect against
intrusions, as well as best practices to deploy that technology, are described here.
The remainder of this paper is organized into sections that describe challenges specific to managing pass-
words for mobile users, and how Password Manager addresses each problem.
• What is Password Manager?
A brief description of Password Manager, to give context to the subsequent sections.
• Protected assets
A list of what information security, as implemented in Password Manager, should protect.
• Defining security violations
Some specific security attacks that Password Manager defenses must repel.
• Impact on authentication processes
How the features and processes created by Password Manager affect authentication to IT infrastruc-
ture generally in an organization.
• Server defenses
How the Password Manager server can and should be protected.
• Communication defenses
How data transmitted to and from each Password Manager server is protected.
• Data protection
How data stored on each Password Manager server is protected.
• The secure kiosk account
How the optional secure kiosk account impacts the security of the network operating system where it
is installed.
© 2014 Hitachi ID Systems, Inc.. All rights reserved. 1

2 What is Password Manager?
Hitachi ID Password Manager is an integrated solution for managing user credentials, across multiple sys-
tems and applications. Organizations depend on Password Manager to simplify the management of those
credentials for users, to reduce IT support cost and to improve the security of login processes.
Password Manager includes password synchronization, self-service password reset, enterprise single sign-
on, PIN resets for tokens and smart cards, enrollment of security questions and biometrics and emergency
recovery of full disk encryption keys.
Password Manager reduces the cost of password management using:
• Password synchronization, which reduces the incidence of password problems for users
• Self-service password reset, which empowers users to resolve their own problems rather than calling
the help desk
• Streamlined help desk password reset, to expedite resolution of password problem calls
Password Manager strengthens security by providing:
• A powerful password policy engine.
• Effective user authentication, especially prior to password resets.
• Password synchronization, to help eliminate written-down passwords.
• Delegated password reset privileges for help desk staff.
• Accountability for all password changes.
• Encryption of all transmitted passwords.
To ﬁnd out more about Password Manager, visit http://Hitachi-ID.com/Password-Manager.

3 Protected Assets
IT security means protecting the availability of systems, the conﬁdentiality of data, and the integrity of both
processes and data.
Hitachi ID Password Manager is designed to improve network security. It includes measures to protect:
• The Password Manager server itself.
• Sensitive data housed on the Password Manager server, including:
– Target credentials to target systems, which the Password Manager server uses to attach to
target systems and reset user passwords.
– Support staff passwords, which may be used by Password Manager to authenticate help desk
analysts.
– Personal user data, which may be managed by Password Manager and used to authenticate
users who access a self-service password reset.
• Data transmitted by users to Password Manager, including answers to personal questions and pass-
words.
• Data transmitted from Password Manager to managed systems, including target credentials and user
passwords.
• Authorized access to managed systems.
The Password Manager software is designed to safeguard all of these assets.
Customers should take care, and follow best practices, to ensure that their deployments of Password
Manager will likewise protect these assets.

4 Defining security violations
As mentioned in the previous section, Hitachi ID Password Manager is designed to protect a range of
security assets.
Password Manager is also designed to defeat specific attacks, targeted against:
• User accounts / profiles:
Access to Password Manager functions is protected using strong user authentication, intruder lockouts
and security violation alarms.
• The Password Manager web application:
The Password Manager web user portal is implemented using the standard common gateway inter-
face (CGI) mechanism, available on all web servers. CGI programs are exclusively responsible for
accepting user input and displaying web pages. As such, the CGI programs may be attacked so need
to incorporate strong protections.
All Password Manager CGI programs use a standard string library to validate all inputs and protect
against buffer overflow, SQL injection, cross site scripting and similar attacks. This is done by checking
maximum input lengths, filtering out special characters and HTML codes, checking for valid formatting
and value ranges, etc.
• The Password Manager web server:
Password Manager is compatible with a wide variety of web servers (Apache, SunONE, IIS). It uses
only the RFC-compliant CGI mechanism in its host web server, and consequently does not require
scripting engines, index services, dynamic HTML preprocessing or other web server modules which
may contain known or latent security vulnerabilities.
• The Password Manager host operating system:
Password Manager relies on a very minimal set of operating system features, and administrators
are encouraged to lock down the Password Manager server’s host operating system by removing all
non-essential services and components.
• Sensitive data managed by Password Manager:
All sensitive data managed by Password Manager is encrypted.
• Communication between users and Password Manager:
All communication with users is encrypted, using HTTPS and a trusted third-party (Verisign, Thawte,
etc.) SSL certificate.
• Communication between Password Manager components on the network:
All communication between Password Manager components, whether within the context of a single
server or across the network, is encrypted using 128-bit AES, a shared key, mutual authentication,
random session keys and block feedback.
• Communication between Password Manager and target systems:
Password Manager communicates with managed systems either using one of three methods:

1. Using the target’s natively encrypted user administration protocol.
2. By installing a Password Manager agent on the target system, and encrypting communication
between Password Manager components using a shared key.
3. By deploying a Password Manager proxy server adjacent to the target system, in a physically-
secure co-location, and encrypting communication between the main Password Manager server
and the proxy server using a shared key.
In all three cases, communication is protected as it traverses vulnerable network media.

5 Impact on User Authentication
One of Hitachi ID Password Manager’s main objectives is to enhance the security posture of organizations,
by improving the security of user authentication processes.
5.1 Password Problem Help Desk Calls
Users who forget a password or trigger an intruder lockout before Hitachi ID Password Manager rely on
support processes, such as calling the help desk, to get a password reset and thereby resolve their problem.
It follows that the security of passwords is only as good as the security of the process used to authenticate
help desk callers.
For instance, in a company where users must enter complex passwords and must change them every day,
but where users who forget their password can authenticate to the help desk using the last 4 digits of their
social security number, passwords are only as secure as the last 4 digits of a user’s SSN.
Password Manager improves user authentication prior to password resets, both self-service and assisted.
Users may be required to authenticate with:
• A two-factor hardware token.
• A biometric voice-print match.
• By ﬁlling in answers on successive screens to multiple, randomly selected personal questions, some
of which are standard (apply to all users), and some of which are personalized (different users have
different questions).
Using Password Manager, it is possible to make non-password authentication as strong as or stronger than
password authentication.
5.2 Password Policy Enforcement
Passwords are only a reliable authenticator if they are impractical to guess and are not written down or
shared.
Password policy rules are used by systems to make sure that users select passwords that are difﬁcult to
guess.
Hitachi ID Password Manager makes it possible to enforce a single, consistent and strong set of password
rules across multiple systems – including on systems that do not natively have a good password policy
engine.
Password aging is used to force users to change passwords periodically, to limit the window of time available
to an intruder who may be in a position to attempt a brute-force password guessing attack.

Password Manager can enforce password aging globally, including on systems that do not natively enforce
it.
5.3 Password Synchronization
Users in a typical mid- to large-sized organization have from 5 to 8 different passwords. These passwords
expire on different schedules, and are subject to different password policy rules. As a result, over time,
users tend to acquire a collection of different passwords – one per system.
Since multiple passwords are difficult to remember, users usually write down their passwords, try to pick
easy-to-remember (and so easy-to-guess) password values, and try to avoid password changes.
Password synchronization, a core Hitachi ID Password Manager feature, makes it easy for users to manage
a single, complex, frequently-changing password value on multiple systems. Managing a single password
is much easier than managing 5–8 different passwords, and as a result users tend not to write down their
passwords.
Password synchronization is an effective antidote for sticky notes with password lists.
5.4 Profile Enrollment Impacts Security
In most self-service password reset deployments, users are asked to register personal authentication data
(questions and answer pairs), that can subsequently be used to authenticate them.
The security of this registration process is just as important as the quality of the authentication profile and
user passwords. This is because compromise of the enrollment process would allow an attacker to fill out a
user’s profile, and use it to reset that user’s password.
For instance, if users register a Q&A profile using a short PIN, then an intruder who can guess or acquire a
PIN will be able to register as the user, setup the user’s Q&A profile with information that the intruder can
answer, and then use the self-service process to reset the user’s passwords to a value that the intruder
knows.
The bottom line is that the authentication method used to register data that will be used for self-service
password reset must be at least as secure as network passwords.
In Hitachi ID Password Manager, users type their current network passwords to authenticate to the regis-
tration process, and so the above requirement is met.

6 Server Defenses
The Hitachi ID Password Manager server houses some sensitive data, including target credentials and
possibly private user proﬁle information, as described in Section 3 on Page 3.
To protect this data, the Password Manager includes several layers of defense:
6.1 Operating System
Hitachi ID Password Manager is installed on a locked-down, fully patched Windows 2003 server.
An important way to secure a server on any platform is to reduce the amount of software that it runs. This
eliminates potential sources of software bugs that could be exploited to violate the server’s security.
The following services, at most, are needed on the Password Manager server:
• DNS Client - Required to resolve host names
• Event Log - Core O.S. component
• IIS Admin Service - Only required if IIS is used
• IPSEC Policy Agent - Core O.S. component
• Logical DiskManager - Core O.S. component
• Network Connections - Required to manage network interfaces
• Plug and Play - Hardware support
• Protected Storage - Core O.S. component
• Remote Procedure Call (RPC) - Core O.S. component
• Removable Storage - Required to open CD-ROM drives
• RunAs Service - Core O.S. security component
• Security Accounts Manager - Core O.S. security component
• TCP/IP NetBIOS Helper Service - Only required if directly managing Windows passwords
• Workstation - Only required if directly managing Windows passwords
• World Wide Web Publishing Service - Only required if IIS is used
If additional services are required during implementation, then Hitachi ID Systems will notify the customer.
All other services should be disabled unless there is some speciﬁc reason (not related to Password Manager)
to enable them.

The Password Manager server is not normally a member of a domain. This reduces the risk of a security
intrusion in the domain being leveraged to gain unauthorized access to the Password Manager server, and
from there perhaps compromising other (e.g., non-AD) systems.
The Password Manager server can also take advantage of simple packet ﬁltering services in Windows 2003,
to block all inbound connections other than those to the web service, as shown in the ﬁgure below:
A hardened Password Manager server can be port scanned to identify available services. Following is a
typical port scan result:
delli:/data/idan/vmware/win2ksrv# nmap -sT 192.168.100.8
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.100.8):
(The 1551 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
443/tcp open https
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
delli:/data/idan/vmware/win2ksrv# nmap -sU 192.168.100.8
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
All 1459 scanned ports on (192.168.100.8) are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 91 seconds

The process table on the same server looks like this:
Note: VMWare entries reﬂect the fact that this sample was taken from a VMWare virtual PC.
This server was running with just the mandatory services described earlier.
6.2 Web Server
The web server is a required component, as it enables the Hitachi ID Password Manager user interface and
SOAP API. It should therefore be carefully protected.
Since Password Manager does not require any web server functionality beyond the ability to serve static
documents (HTML, images) and to execute self-contained CGI executable programs, all non-essential web
server content should be removed.
If Apache is used, all non-essential modules should be commented out of the conﬁguration rules.
If IIS is used, this means removing IISAdmin, Printers, Scripts and similar folders, as shown below:

The web server’s scripting, indexing and data access subsystems should likewise be removed:

As an extra precaution, remote data services are disabled by removing the following registry keys:
• HKLM
System
CurrentControlSet
Services
W3SVC
Parameters
ADCLaunch
RDSServer.DataFactory
• HKLM
System
CurrentControlSet
Services
W3SVC
Parameters
ADCLaunch
AdvancedDataFactory
• HKLM
System
CurrentControlSet
Services
W3SVC
Parameters
ADCLaunch
BusObj.VbBusObjCls
ODBC drivers are also all disabled, both manually (remove data sources) and add this entry to the registry:
• HKLM
Software
Microsoft
Jet
4.0
engines
SandBoxMode = 3
6.3 Password Manager Application
If the operating system and web server are made safe from attack, primarily by running a very minimal
subset of available software, intruders will seek to attack the Hitachi ID Password Manager application
itself.
Network-attached applications are frequently attacked using buffer overﬂow attacks, and by sending them
unexpected inputs.

Password Manager’s web interface is implemented as a set of self-contained executable programs, com-
piled from C++ source code. These programs do not use ASP, JSP or other scripting engines, so are not
vulnerable to potential security bugs in those engines.
The Password Manager CGI programs are coded very defensively, and check their inputs for overﬂows,
unexpected characters, unexpected string formatting, etc.
The Password Manager CGI programs manage session state very carefully. They do not use cookies.
Instead, session state is managed by embedding a hidden session key in every web form. Whenever a
user submits a web form, the key changes to a new, cryptographically random value. Only the current
session key is valid, which means that users must navigate through the application, and are prevented from
using the web browser “Back” button. This makes it possible for users to log off from an active session.
It also prevents an intruder from using the browser “Back” button to take advantage of a still-active but
unattended login session.

7 Communication Defenses
Hitachi ID Password Manager sends and receives sensitive data over the network. Its communications
include user passwords, target credentials and personal user information. These are all valuable assets
that must be defended.
Network attacks typically fall into two classes:
• Passive attacks, where an intruder listens to a communication stream and extracts useful data from
it.
• Active attacks, where an intruder abuses either an available network service, or an open communi-
cation session.
Password Manager’s network services and communication protocols are designed to defend against both
types of attacks using cryptography:

Communication protocol defenses
From To Protocol, encryption algorithm
User workstation Password Manager web
application
HTTPS
Windows NT/2000/2003
password filter DLL
Password Manager
server
MTE
Unix passwd replace-
ment binary
Password Manager
server
MTE
zOS/OS390 security exit Password Manager
server
MTE
Sun ONE Directory
password filter
Password Manager
server
MTE
IBM Directory password
filter
Password Manager
server
MTE
IVR server (any) Password Manager
server
MTE
Password Manager
server
Agent on Unix server MTE
Password Manager
server
OS390 native agent MTE
Password Manager
server
RSA ACE native agent MTE
Password Manager
server
RSA Keon native agent MTE
Password Manager
server
Password Manager
proxy server
MTE
Password Manager
server
Another Password
Manager server (for
data replication)
MTE
Password Manager
server
Other managed system Native protocol.
If the target system’s native protocol is
insecure, then a proxy server is co-located
with the managed system, and
communication is carried out via a
Password Manager proxy server.
In the above table, MTE means “M-Tech Encryption Protocol.” This protocol works as follows:

Step Caller Server
1. Open TCP socket
2. Generate and display long random number
3. Encrypt random number using a shared
secret key
Encrypt random number using a shared
secret key
4. Send first half of encrypted result
5. Compare received crypto text to internal
calculation
6. If no match: alarm and hang-up.
7. Use second half of encrypted result as
initial session key
Use second half of encrypted result as
initial session key
8. Print greeting string.
9. Send encrypted command string
10. Execute command
11. Print encrypted result string
12. Hang up. Hang up.
All encryption is carried out using 128-bit AES, which is an ISO encryption algorithm. 128-bit AES is a
military-grade encryption algorithm with no known vulnerabilities.
The above analysis shows that – so long as the Password Manager server is configured with an SSL
certificate, and setup to require HTTPS client communication; and so long as communication with target
systems whose native protocols are weak is protected using judicious use of the Password Manager proxy
server – no sensitive data is ever transmitted in plaintext.

8 Data protection
The Hitachi ID Password Manager server houses some sensitive data, and this data must be protected
against anyone who has physical access to the server, or has a legitimate right to log into it.
All sensitive data on the Password Manager server is encrypted, as follows:
Data Encryption algorithm Key length Salt?
User profiles: answers to personal questions 128-bit AES 128 bits n/a
User profiles: password history SHA-1 n/a 64 bits
target credentials 128-bit AES 128 bits n/a
Help desk user passwords 128-bit AES 128 bits n/a
Of the above, the only mandatory data is target credentials for target systems. Everything else may be
accessed on other systems, on demand.
As a result of this encryption, someone with access to the filesystem of the Password Manager server would
not be able to readily decipher sensitive data on that server. They would first have to figure out where the
data is stored, then how it is encoded, then how it is encrypted, and then they would have to find a suitable
key (itself encrypted, in the Password Manager server’s registry).
This provides as much protection as possible to sensitive data on the server, without compromising its
functionality.

9 The Secure Kiosk Account
A Secure Kiosk Account (SKA) enables users to access a self-service password reset application from a
workstation login screen without deploying desktop software.
The SKA merits its own analysis because it is a password-less guest account on the network operating
system (NOS). This analysis illustrates what vulnerabilities the SKA account does, and does not, introduce
to overall network security.
The SKA is the most deployable and secure technology available to address the problem of providing self-
service password reset to users who forget their initial workstation / network login password. Other options
are:
• Do nothing
User continues to call the help desk, authenticates on the telephone, and receives a new password
on the telephone.
• IVR self-service
Similar to doing nothing, but the help desk analyst is replaced by a machine. This option may suffer
from poor adoption rates.
• Visit a neighbor
A web browser is available at another workstation, and the user may be visually authenticated. Only
works for crowded work environments, however.
• Install desktop software
Client software on every desktop. Extremely risky, since a faulty client can expose vulnerabilities on
many workstations, or even render them inoperable.
• Secure Kiosk Account
The solution described here, and the one most often used in Hitachi ID Password Manager deploy-
ments:
A domain / NOS login account called “help,” with no password is created. A security policy is applied
to this account which locks it down, and replaces the default Windows shell with a special network-
launched executable that opens the workstation’s default web browser, in kiosk mode, to the self-
service password reset web application.
The net effect is that users who forget their initial passwords can type “help” to get automated service.
There is a unique process for implementing the SKA security policy on each NOS. The various policies
implement the same rules, however:
1. Lock the help user out of all local workstation privileges, by disabling every possible aspect of the
desktop, including preventing the user from starting command prompt windows, etc.
2. Prevent the help user from accessing any network resources.

3. For Windows 9x workstations, launch a kiosk-mode web browser immediately after starting the Win-
dows shell.
4. For Windows NT/2000/XP workstations, launch a kiosk-mode web browser as a replacement shell
(instead of the executable that displays the Windows desktop and start menu).
In all cases, the kiosk-mode web browser is launched by a program called runurl.exe. This program
is loaded from a public network share (typically on the Password Manager server or copied to each DC’s
NETLOGON share.) The program locks down the workstation by intercepting certain input event types (key-
board, mouse, etc.), finds the default web browser for the workstation in question, and starts it in kiosk
mode to the appropriate URL.
9.1 Protected Assets
The SKA is a network login ID intended to give users unauthenticated access to a limited set of functionality
on their own workstations. Accordingly, the two IT assets that are impacted by the SKA are:
1. User workstations where the SKA is available.
2. Network servers that honor the SKA user’s “authentication.”
9.2 Existing Risks
The following risks pre-exist the SKA account, are not repaired by the SKA account, but are worth pointing
out for clarity.
9.2.1 Workstation Security
Windows workstations are not secure. Windows NT, 2000 and XP workstations do have a security in-
frastructure, including password authentication and a filesystem with permissions (NTFS). However, any
intruder can restart the workstation with a DOS boot disk, run NTFSDOS, and gain unlimited access to the
the filesystem, bypassing authentication and access controls.
The above points are intended to highlight the fact that workstations running any version of Windows,
without significant enhancements (primarily a cryptographic filesystem unlocked by the login password) are
not secure.
It follows that the SKA cannot reduce workstation security (from zero).
The SKA does implement extensive workstation security features, to prevent a user from abusing the help
login to run programs on the workstation, alter its configuration, and so on.
These security measures are primarily intended to give the impression f security, since the workstation was
insecure before deploying the SKA, and continues to be insecure after SKA was deployed.

9.2.2 Network Infrastructure
The SKA account is only accessible to users who already have a working network connection. Without that,
they could not login to the domain as any user, even help.
Accordingly, a potential intruder who might try to abuse the help account is by definition already in a
physical location where he has a working network connection. That means that this intruder can already
run packet sniffers, port scanners, and so on.
Clearly, the SKA can not and does not prevent these kinds of attacks.
9.2.3 Network Servers
The SKA implements a password-less authentication to a Windows NT domain, a Windows 2000/2003 AD
domain or an NDS tree.
Any system that does not use the authentication infrastructure of the domain where the help account
is defined cannot be affected by the SKA. That means that Unix servers, ERP applications, mainframes,
minicomputers, and others are not impacted by SKA at all.
Firewalls, corporate directories, web servers, network shares and applications may be impacted if (and only
if):
1. They do require user authentication. If they do not authenticate users at all, then the help account is
not needed to access them.
2. They authenticate users against the NOS directory where SKA was defined. If they authenticate users
on a different directory or user database, then help will not have a valid login.
3. They allow sign-on by users with no particular privileges or group membership. Every user defined in
the NOS directory where help was defined has access to the application or service in question.
If the NOS is Windows 2000/2003, then the help security policy can be configured to prevent even this
attack (in particular, help cannot mount Windows 2000/2003 server shares).
9.3 Net New Vulnerability
The net result of the above is that the help account opens a new, anonymous access point to public network
resources (which were already open to everyone, but without anonymity). Users who used to access public
resources with their own IDs will now be able to access those same public systems as “help.”

10 Conclusions
This document illustrates that best-practice measures are implemented in the Hitachi ID Password Manager
software, to protect it against direct attack, to protect its communications, and to protect its data.
This document also highlights the fact that Password Manager is a sensitive server, and should be managed
carefully. In particular, it should be installed on a locked-down server, and managed with close attention to
security.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/psynch/documents/security_analysis/psynch_security_analysis_5.tex
Date: November 20, 2006

Hitachi ID Password Manager Security Analysis

More Related Content

What's hot (20)

Similar to Hitachi ID Password Manager Security Analysis (20)

More from Hitachi ID Systems, Inc. (15)

Recently uploaded (20)

Hitachi ID Password Manager Security Analysis