Crypto dongles to secure online transactions

Jerry Leichter leichter at lrw.com
Sat Nov 21 18:31:40 EST 2009


On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:

> leichter at lrw.com (Jerry Leichter) on Saturday, November 21, 2009 wrote:
>
>> It's no big deal to read these cards,
>> and from many times the inch or so that the standard readers require.
>
> So surely someone has built a portable reader for counterfeiting the
> cards they read in restaurants near big target companies...

Well, my building card is plain white.  If anyone duplicated it,  
there'd be nothing stopping them from going in.  But then the actual  
security offered by those cards - and the building controls - is more  
for show (and I suppose to keep the "riffraff" out) than anything else.

My work card has my photo and name on it, but there's nothing to  
correlate name with underlying ID in normal operation.  Snap a photo  
of the card while you clone it, make up a reasonable simulacrum with  
your own picture and name, and walk right in.

Not really more or less secure than the old days when you flashed your
(easily copied) badge to a guard who probably only noticed that it was
about the right size and had roughly the right color.  But it's higher  
tech, so an improvement.  :-)

Physical security for most institutions has never been very good, and  
fortunately has never *needed* to be very good.  Convenience wins out,  
and technology gives a nice warm feeling.  A favorite example:  My  
wife's parents live in a secured retirement community.  The main  
entrance has a guard who checks if you're on a list of known visitors,  
or calls the people you're visiting if not.  Residents used to have a  
magnetic card, but that's a bit of a pain to use.  So it was replaced by
a system probably adapted from railroad freight car ID systems:  You
stick a big barcode in your passenger side window, and a laser scanner
on a post reads it and opens the door.

Of course, it's trivial to duplicate the sticker using a simple photo,  
and since the system has to work from varying distances, at varying  
angles, on moving cars, in all light and weather conditions, it can't  
possibly be highly discriminating - almost certainly just a simple  
Manchester-style decoder.

                                                         -- Jerry

> Cheers - Bill
>
> ---------------------------------------------------------------------------
> Bill Frantz        |"After all, if the conventional wisdom was working, the
> 408-356-8506       | rate of systems being compromised would be going down,
> www.periwinkle.com | wouldn't it?" -- Marcus Ranum

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
