Why require contactless in the first place? Is swiping one's card, credit-card style, too difficult for the average user? I'm thinking two parallel copper traces on the card could be used to power it for the duration of the swipe, with power provided by the reader. Why, in a billion-dollar project, one must use COTS RFIDs - with their attendant privacy and security problems - is beyond me.
A little ingenuity would have gone a long way.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karsten Nohl
Sent: Monday, January 28, 2008 12:41 AM
To: Aram Perez
Cc: Cryptography
Subject: Re: Dutch Transport Card Broken

> Not to defend the designers in any way or fashion, but I'd like to
> ask, How much security can you put into a plastic card, the size of a
> credit card, that has to perform its function in a secure manner, all
> in under 2 seconds (in under 1 second in parts of Asia)? And it has to
> do this while receiving its power via the electromagnetic field being
> generated by the reader.

You are raising a very interesting point. The constraints under which RFIDs and contactless smart-cards need to operate seem to vary widely depending on the application.

The Mifare Classic cards, for example, authenticate in under 2 ms, but wouldn't need to be that fast as you point out. Their crypto is also very small, much smaller even than their flash memory. What good is it, though, to have a lot of memory that is badly protected? Last, the power consumption of the Mifare cards is certainly lower than others, which doesn't matter, though, in the near-field where even micro-processor based designs can operate. This is where contactless smart-cards and RFIDs get confused often. Only for the latter ones power consumption is a limiting constraint.

To answer your question directly: Within the limits of Mifare Classic (48-bit cipher, 16-bit RNG), one can build a 64-bit cipher that generates 'random' numbers internally. Within the same limits, one could almost implement TEA which at least has undergone its share of peer-review. Again: Trading some of the memory for this much higher level of security would certainly have been worth it.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]