Dutch Transport Card Broken
Karsten Nohl
listen at nohlnet.de
Mon Jan 28 01:41:27 EST 2008
> Not to defend the designers in any way or fashion, but I'd like to ask,
> How much security can you put into a plastic card, the size of a credit
> card, that has to perform its function in a secure manner, all in under
> 2 seconds (in under 1 second in parts of Asia)? And it has to do this
> while receiving its power via the electromagnetic field being generated
> by the reader.
You are raising a very interesting point. The constraints under which
RFIDs and contactless smart-cards need to operate seem to vary widely
depending on the application.
The Mifare Classic cards, for example, authenticate in under 2 ms, but
wouldn't need to be that fast as you point out. Their crypto is also
very small, much smaller even than their flash memory. What good is it,
though, to have a lot of memory that is badly protected?
Last, the power consumption of the Mifare cards is certainly lower than
others, which doesn't matter, though, in the near-field where even
micro-processor based designs can operate. This is where contactless
smart-cards and RFIDs get confused often. Only for the latter ones power
consumption is a limiting constraint.
To answer your question directly: Within the limits of Mifare Classic
(48-bit cipher, 16-bit RNG), one can build a 64-bit cipher that
generates 'random' numbers internally. Within the same limits, one could
almost implement TEA which at least has undergone its share of
peer-review. Again: Trading some of the memory for this much higher
level of security would certainly have been worth it.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list