[114020] in cryptography@c2.net mail archive
RE: Dutch Transport Card Broken
daemon@ATHENA.MIT.EDU (Jim Cheesman)
Fri Jan 25 12:06:24 2008
From: "Jim Cheesman" <jcheesman@grupoburke.com>
To: "'Cryptography'" <cryptography@metzdowd.com>
Cc: "'Aram Perez'" <aramperez@mac.com>
Date: Fri, 25 Jan 2008 16:37:39 +0100
In-Reply-To: <17EABA7D-96A8-44C6-B8AF-D4472BB1ECEC@mac.com>
Oberthur Card Systems has a card designed for transit use with 3DES,
according to their datasheet (registration required,
http://www.oberthurcs.com/get_downloadsection_file.aspx?id=43&otherid=95&typ
eid=5) it's certainly fast enough.
Interestingly, they also make the card that's failed so spectacularly
here...
Regards,
Jim Cheesman
-----Mensaje original-----
De: owner-cryptography@metzdowd.com [mailto:owner-cryptography@metzdowd.com]
En nombre de Aram Perez
Enviado el: viernes, 25 de enero de 2008 5:59
Para: Cryptography
Asunto: Re: Dutch Transport Card Broken
Hi Folks,
> Ed Felten has an interesting post on his blog about a Dutch smartcard
> based transportation payment system that has been broken. Among other
> foolishness, the designers used a custom cryptosystem and 48 bit keys.
Not to defend the designers in any way or fashion, but I'd like to
ask, How much security can you put into a plastic card, the size of a
credit card, that has to perform its function in a secure manner, all
in under 2 seconds (in under 1 second in parts of Asia)? And it has to
do this while receiving its power via the electromagnetic field being
generated by the reader.
Regards,
Aram Perez
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
