[145102] in cryptography@c2.net mail archive
Re: Crypto dongles to secure online transactions
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Nov 25 08:59:27 2009
From: Jerry Leichter <leichter@lrw.com>
To: Bill Frantz <frantz@pwpconsult.com>
In-Reply-To: <r02010500-1049-53E8A7E4D6F311DE826D0030658F0F64@[192.168.1.5]>
Date: Sat, 21 Nov 2009 18:31:40 -0500
Cc: cryptography@metzdowd.com
On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:
> leichter@lrw.com (Jerry Leichter) on Saturday, November 21, 2009
> wrote:
>
>> It's no big deal to read these cards,
>> and from many times the inch or so that the standard readers require.
>
> So surely someone has built a portable reader for counterfeiting the cards
> they read in restaurants near big target companies...
Well, my building card is plain white. If anyone duplicated it,
there'd be nothing stopping them from going in. But then the actual
security offered by those cards - and the building controls - is more
for show (and I suppose to keep the "riffraff" out) than anything else.
My work card has my photo and name on it, but there's nothing to
correlate name with underlying ID in normal operation. Snap a photo
of the card while you clone it, make up a reasonable simulacrum with
your own picture and name, and walk right in.
Not really more or less secure than the old days when you flashed your
(easily copied) badge to a guard who probably only noticed that it was
about the right size and had roughly the right color. But it's higher
tech, so an improvement. :-)
Physical security for most institutions has never been very good, and
fortunately has never *needed* to be very good. Convenience wins out,
and technology gives a nice warm feeling. A favorite example: My
wife's parents live in a secured retirement community. The main
entrance has a guard who checks if you're on a list of known visitors,
or calls the people you're visiting if not. Residents used to have a
magnetic card, but that's a bit of a pain to use. So it was replaced by
a system probably adapted from railroad freight car ID systems: You
stick a big barcode in your passenger side window, and a laser scanner
on a post reads it and opens the door.
Of course, it's trivial to duplicate the sticker using a simple photo,
and since the system has to work from varying distances, at varying
angles, on moving cars, in all light and weather conditions, it can't
possibly be highly discriminating - almost certainly just a simple
Manchester-style decoder.
-- Jerry
> Cheers - Bill
>
> ---------------------------------------------------------------------------
> Bill Frantz        |"After all, if the conventional wisdom was working, the
> 408-356-8506       | rate of systems being compromised would be going down,
> www.periwinkle.com | wouldn't it?" -- Marcus Ranum