i need to recharge the battery to make my security key work

Contact SE they'll tell you how to get a replacement.

they cant be recharged.. the only thing you can do is buy anther one i think. though the batteries are suppose to last 4-5 years average depending on their use.. im surprised urs is dead already.

they tell you when you ordered the first one that they have to send you a replacement.....

do you have to pay for it though? i dont remember

Yes, you have to pay for a replacement token.

The battery is not rechargable. The unit is built to self-destruct if you open it, and there are no ports to charge or transfer any data. This keeps it from being hackable by trying to figure out what the authentication server clock is set to. If you could read out the timer on the token or change it, you could reverse the algorithm on the token and thus the server, and generate codes for any token you know the number to. Then a keylogger reading someone linking their token to their SE ID could give you the info to generate their one-time passwords.

If you open it, the battery comes out, and the clock resets to a default time. Only the factory can set the clocks in sync to the server during assembly, and the clock is not set to the real current time, it's offset by an unknown amount.

The whole reason the token works is because the formula and current server time are secret and attempts to figure them out destroy the token.

tl;dr on bungiefans explanation:

It can't be recharged or opened in order to keep the security tokens secure. Most security tokens are made this way.

i need to recharge the battery to make my security key work

It's designed to suicide if an attempt is made to open it or tamper with it in order to keep it's key out of the wrong hands. They're meant to be thrown away and replaced.

Note that successfully obtaining the key of one token wouldn't compromise all tokens because every token has a unique key. They rely on the key being a secret rather than the encryption algorithm being secret. In fact the encryption method used is publicly known (SE's tokens are a Digipass Go 6 and can use DES, 3DES or AES although I can't imagine anyone ever chooses DES).

If you could read out the timer on the token or change it, you could reverse the algorithm on the token and thus the server, and generate codes for any token you know the number to.

No you couldn't. I can tell you right now that they are using either 3DES or AES. These encryption algorithms are publicly known but it doesn't do you any good as long as the key is secret. And every token has a different key so even getting the key from one token wouldn't help you hack other tokens.

This isn't the same as blu-ray movies or game consoles. With these tokens you have a unique key for every one. It's no problem for the server to have a big list of which accounts are using which tokens. On a game or movie you can't do that because one disk has to work with multiple players.


I'm also 100% sure that the serial number on the token is mathematically unrelated to the encryption key that the token uses.

Encryption only gets broken when someone did something stupid, when computers become fast enough to brute force crack it in a reasonable amount of time or when the encryption was weak to begin with. That's why you should always hire experts to do this sort of stuff for you rather than trying to do it yourself (*cough* *PS3* *cough*) This is the entire reason companies like VASCO, Verisign, RSA etc. exist. They are who you hire when you want to make sure that nobody does anything dumb that will get your encryption broken by hackers.