Dutch Transport Card Broken
sbg at acw.com
sbg at acw.com
Fri Jan 25 10:25:44 EST 2008
> How much security can you put into a plastic card, the size of a
> credit card, that has to perform its function in a secure manner, all
> in under 2 seconds (in under 1 second in parts of Asia)? And it has to
> do this while receiving its power via the electromagnetic field being
> generated by the reader.
The 24C3 presenters to their credit made this exact point. But mixing the
16-bit nonce with the card identifier was an optimization too far. That
said, it's a hard problem. Inside Picopass is one of many examples that
progress is possible.
IMHO as always.
Cheers, Scott
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list