Aram Perez <[EMAIL PROTECTED]> writes: >> Ed Felten has an interesting post on his blog about a Dutch smartcard >> based transportation payment system that has been broken. Among other >> foolishness, the designers used a custom cryptosystem and 48 bit keys. > > Not to defend the designers in any way or fashion, but I'd like to > ask, How much security can you put into a plastic card, the size of a > credit card, that has to perform its function in a secure manner, all > in under 2 seconds (in under 1 second in parts of Asia)?
Several other transit systems have payment cards that have proven remarkably resilient to attack. For example, the NYC "Metrocard" system has been attacked repeatedly without significant breaks (but it does not rely on its cards being tamperproof -- it is an online system using magstripes.) The authors of the paper on the Dutch break claim that it would have been possible to use far more secure means even given the basic design, such as a non-proprietary crypto algorithm and longer keys. I see no real reason to disbelieve this. In any case, if it was not possible to do this with smartcards, existing, well proven mechanisms that are in use in other transit systems could have been adopted. It is not necessary to use an unimplementable architecture when implementable and proven architectures exist. Often we hear of a false need for "engineering tradeoffs" in such circumstances. Engineering tradeoffs do indeed sometimes become critical in security design. However, you should be very skeptical when someone claims that they "need" to use a home grown crypto algorithm or that they "need" to use a home grown protocol instead of a well proven one. Generally these are not "engineering tradeoffs" but reflections of ignorance on the part of the designers. Perry -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
