RSA offer to replace tokens is weak if defense-industry attackers can make their own