Crypto dongles to secure online transactions
Jerry Leichter
leichter at lrw.com
Sat Nov 21 18:31:40 EST 2009
On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:
> leichter at lrw.com (Jerry Leichter) on Saturday, November 21, 2009
> wrote:
>
>> It's no big deal to read these cards,
>> and from many times the inch or so that the standard readers require.
>
> So surely someone has built a portable reader for counterfeiting the cards
> they read in restaurants near big target companies...
Well, my building card is plain white. If anyone duplicated it,
there'd be nothing stopping them from going in. But then the actual
security offered by those cards - and the building controls - is more
for show (and I suppose to keep the "riffraff" out) than anything else.

My work card has my photo and name on it, but there's nothing to
correlate name with underlying ID in normal operation. Snap a photo
of the card while you clone it, make up a reasonable simulacrum with
your own picture and name, and walk right in.

Not really more or less secure than the old days when you flashed your
(easily copied) badge to a guard who probably only noticed that it was
about the right size and had roughly the right color. But it's higher
tech, so an improvement. :-)

Physical security for most institutions has never been very good, and
fortunately has never *needed* to be very good. Convenience wins out,
and technology gives a nice warm feeling. A favorite example: My
wife's parents live in a secured retirement community. The main
entrance has a guard who checks if you're on a list of known visitors,
or calls the people you're visiting if not. Residents used to have a
magnetic card, but that's a bit of a pain to use. So it was replaced by
a system probably adapted from railroad freight car ID systems: You
stick a big barcode in your passenger side window, and a laser scanner
on a post reads it and opens the door.

Of course, it's trivial to duplicate the sticker using a simple photo,
and since the system has to work from varying distances, at varying
angles, on moving cars, in all light and weather conditions, it can't
possibly be highly discriminating - almost certainly just a simple
Manchester-style decoder.
-- Jerry
> Cheers - Bill
>
> ---------------------------------------------------------------------------
> Bill Frantz        |"After all, if the conventional wisdom was working, the
> 408-356-8506       | rate of systems being compromised would be going down,
> www.periwinkle.com | wouldn't it?" -- Marcus Ranum
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com