Comments on: RFID Security and Stability http://www.news.software.coop/rfid-security-and-stability/20/ What software.coop is doing and contemplating Thu, 09 Feb 2012 16:10:08 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: MJ Ray http://www.news.software.coop/rfid-security-and-stability/20/#comment-246 MJ Ray Mon, 18 Aug 2008 19:27:01 +0000 http://www.news.software.coop/?p=20#comment-246 Someone sent me this PDF of a Defcon presentation about fare card cracking http://tinyurl.com/63sbxm Someone sent me this PDF of a Defcon presentation about fare card cracking http://tinyurl.com/63sbxm

]]> By: MJ Ray http://www.news.software.coop/rfid-security-and-stability/20/#comment-245 MJ Ray Tue, 12 Aug 2008 10:18:45 +0000 http://www.news.software.coop/?p=20#comment-245 Thanks for that JT! It gives me a bit more info, but also confirms what I suspected about NXP being a bit secretive. Thanks for that JT! It gives me a bit more info, but also confirms what I suspected about NXP being a bit secretive.

]]> By: James Taylor http://www.news.software.coop/rfid-security-and-stability/20/#comment-244 James Taylor Thu, 07 Aug 2008 11:39:14 +0000 http://www.news.software.coop/?p=20#comment-244 I'ld like to append http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9069558 is a relativly good article on how/what the crack actually is. I’ld like to append http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9069558 is a relativly good article on how/what the crack actually is.

]]> By: James Taylor http://www.news.software.coop/rfid-security-and-stability/20/#comment-243 James Taylor Thu, 07 Aug 2008 09:30:39 +0000 http://www.news.software.coop/?p=20#comment-243 Lo Sleffy. The Mifare crack is'nt as bad as the media is raving about. What has happend is that they have managed to crack the basic cryptography in the Mifare chip - which means you might be able to read the data on the Mifare cards. Most implementations of systems using Mifare however use both a server component as well as the on-tag component - where Mifare is designed to have the value stored on the card, in the Oyster system, this is true, but they also store the value on the Server. When you are using offline nodes, it decrements the value until you run through an "online" node, where the server gets linked. If you use a cloned card, then the system will detect whenever you go through an "online" node - and in Oyster, most of the nodes are online iirc. The Mifare cracking dosn't make mifare solutions insecure - hell, a lot of solutions using mifare tags actually have their data readable with publically known keys. Whats made matters worse is that NXP has always been very secretive about how their Mifare cryptography works - I believe this is what stopped them getting their Mifare card accepted as NFC Type A(?) compatible, and also now, its caused this media backlash against them. Best Regards JT Lo Sleffy.
The Mifare crack is’nt as bad as the media is raving about. What has happend is that they have managed to crack the basic cryptography in the Mifare chip – which means you might be able to read the data on the Mifare cards.
Most implementations of systems using Mifare however use both a server component as well as the on-tag component – where Mifare is designed to have the value stored on the card, in the Oyster system, this is true, but they also store the value on the Server.
When you are using offline nodes, it decrements the value until you run through an “online” node, where the server gets linked. If you use a cloned card, then the system will detect whenever you go through an “online” node – and in Oyster, most of the nodes are online iirc.
The Mifare cracking dosn’t make mifare solutions insecure – hell, a lot of solutions using mifare tags actually have their data readable with publically known keys.
Whats made matters worse is that NXP has always been very secretive about how their Mifare cryptography works – I believe this is what stopped them getting their Mifare card accepted as NFC Type A(?) compatible, and also now, its caused this media backlash against them.

Best Regards
JT

]]>