[114009] in cryptography@c2.net mail archive
Re: Dutch Transport Card Broken
daemon@ATHENA.MIT.EDU (sbg@acw.com)
Fri Jan 25 10:49:51 2008
In-Reply-To: <17EABA7D-96A8-44C6-B8AF-D4472BB1ECEC@mac.com>
Date: Fri, 25 Jan 2008 08:25:44 -0700 (MST)
From: sbg@acw.com
To: "Aram Perez" <aramperez@mac.com>
Cc: "Cryptography" <cryptography@metzdowd.com>
> How much security can you put into a plastic card, the size of a
> credit card, that has to perform its function in a secure manner, all
> in under 2 seconds (in under 1 second in parts of Asia)? And it has to
> do this while receiving its power via the electromagnetic field being
> generated by the reader.
The 24C3 presenters to their credit made this exact point. But mixing the
16-bit nonce with the card identifier was an optimization too far. That
said, it's a hard problem. Inside Picopass is one of many examples that
progress is possible.
IMHO as always.
Cheers, Scott
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
