[114016] in cryptography@c2.net mail archive
Re: Dutch Transport Card Broken
daemon@ATHENA.MIT.EDU (Henryk =?ISO-8859-1?B?UGz2dHo=?=)
Fri Jan 25 11:00:16 2008
Date: Fri, 25 Jan 2008 16:58:46 +0100
From: Henryk =?ISO-8859-1?B?UGz2dHo=?= <henryk@ploetzli.ch>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <17EABA7D-96A8-44C6-B8AF-D4472BB1ECEC@mac.com>
--Signature=_Fri__25_Jan_2008_16_58_46_+0100_.3AWUz6mGOQ8oxbm
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Moin,
Am Thu, 24 Jan 2008 20:58:38 -0800 schrieb Aram Perez:
> Not to defend the designers in any way or fashion, but I'd like to =20
> ask, How much security can you put into a plastic card, the size of
> a credit card, that has to perform its function in a secure manner,
> all in under 2 seconds (in under 1 second in parts of Asia)? And it
> has to do this while receiving its power via the electromagnetic
> field being generated by the reader.
Hmm, how about Triple-DES for starters? :-) There are cards using 3DES
(called Mifare DESfire) available from the same manufacturer (NXP) as
the Mifare Classic cards with the proprietary algorithm that we looked
at. Apparently the main difference is that DESfire cards cost 1.50 EUR
per piece while Classic cards are at 0.50 EUR per piece. Other public
transport systems, such as Madrid, did the sensible thing and chose
DESfire:
http://www.nxp.com/news/identification/articles/otm81/madrid/
--=20
Henryk Pl=F6tz
Gr=FC=DFe aus Berlin
~~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
--Signature=_Fri__25_Jan_2008_16_58_46_+0100_.3AWUz6mGOQ8oxbm
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux)
iD8DBQFHmgc2vI90l8kWns8RAmzcAKCj4SL0y7HnLjJFuSgar5NXtFaEHgCfUi3O
NViN5jCaxNqucQvTCeu8goE=
=Erb9
-----END PGP SIGNATURE-----
--Signature=_Fri__25_Jan_2008_16_58_46_+0100_.3AWUz6mGOQ8oxbm--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
