[128070] in cryptography@c2.net mail archive
Mifare
daemon@ATHENA.MIT.EDU (James A. Donald)
Mon Jul 14 09:22:00 2008
Date: Sun, 13 Jul 2008 14:41:29 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <Pine.SOL.4.61.0807081704080.10406@mental>
http://www.youtube.com/watch?v=NW3RGbQTLhE shows the researchers
breaking Mifare.
And in the comments, we see posts (I presume from mifare people)
complaining that what is happening cannot possibly be happening.
Everyone on this list knows the correct way to do what Mifare does wrong.
So, since we all know how to do it right, why did Mifare come up with
their own super secret snake oil algorithm that no one ever reviewed?
More generaly, why is encryption generally implemented in such a damned
stupid manner?
Now everyone is going to say it should have been put out for review, and
of course it should have been, and had they done so they would have
avoided these particular mistakes, but DNSSEC and WPA was reviewed to
hell and back, and the result was still no damned good.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
