Date: Tue Jun 27 06:31:21 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: Sniffing RFID ID's ( Physical Security )

My post was based more on *existing* RFID implementations used for physical
security access cards.

I know that non-contact cards such as RFID Credit Cards use encryption and so
on... But are still vulnerable to non-authorized transactions.. I mean..
there is no green button you push to authorize the transaction.

But I just don't believe that the RFID access-card I use to access client
premises uses any type of encryption or only communicates with specific readers.

IF* this is the case then an attacker should have no problems powering the
card and making a "copy" of the contents.

JP
PacketFocus
www.packetfocus.com
josh.perrymon@...ketfocus.com

On 6/27/06, mikeiscool <michaelslists@...il.com> wrote:
>
> On 6/27/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> > On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> > > eh?
> > >
> > > surely a RFID would only communicate its private token with a trusted
> > > (i.e. keyed) source.
> > >
> > > like a smartcard ...
> >
> > Well.. Yeah. That *would* make sense.
> >
> > Unfortunately, some beancounter would likely realize they can shave $0.02 per
> > card by doing it the easy way, or that they can save $40K by hiring a
> > bonehead designer rather than a clued crypto geek.
> >
> > If all software was actually designed and implemented to the "Surely it would"
> > standard, most of the people on this list, both black and white hats, would
> > be unemployed. Fortunately for our collective ability to cover our rent checks,
> > almost all software has "Surely they *didn't*" flaws in it....
>
> hang on,
>
> does that make me a clued crypto geek? i better ask for a raise ...
>
> but anyway; the op was asking for suggestions; my suggestion is to do
> what i said. if someone is trying to make rfids secure; why not follow
> the smartcard format?
>
> -- mic
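
Added example, not part of the original thread: a small simulation of the two card designs discussed above, one that returns a fixed ID to whatever powers it and one that answers a reader's random challenge with an HMAC under a per-card key, showing that a recorded response is accepted again only in the first design. The class and function names, the 8-byte ID, HMAC-SHA256 and the in-memory key table are assumptions for illustration and do not describe any particular access-card product.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # assumed fixed-length card identifier


class StaticIdCard:
    """Returns the same identifier to any reader that powers it."""
    def __init__(self, card_id):
        self.card_id = card_id

    def respond(self, challenge):
        return self.card_id  # the challenge is ignored


class KeyedCard:
    """Proves possession of a per-card key; the key never leaves the card."""
    def __init__(self, card_id, key):
        self.card_id, self._key = card_id, key

    def respond(self, challenge):
        tag = hmac.new(self._key, challenge + self.card_id, hashlib.sha256).digest()
        return self.card_id + tag


def static_reader_accepts(response, allowed_ids):
    return response in allowed_ids


def keyed_reader_accepts(challenge, response, keys):
    card_id, tag = response[:ID_LEN], response[ID_LEN:]
    key = keys.get(card_id)
    if key is None:
        return False  # unknown card
    expected = hmac.new(key, challenge + card_id, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def replay_outcomes():
    """Record one response per design, then present it to a later session."""
    card_id, key = b"CARD0001", secrets.token_bytes(32)  # constructed sample values
    recorded_static = StaticIdCard(card_id).respond(secrets.token_bytes(16))
    first = secrets.token_bytes(16)
    recorded_keyed = KeyedCard(card_id, key).respond(first)
    later = secrets.token_bytes(16)  # fresh challenge for the next session
    return {
        "static_replay_accepted": static_reader_accepts(recorded_static, {card_id}),
        "keyed_live_accepted": keyed_reader_accepts(first, recorded_keyed, {card_id: key}),
        "keyed_replay_accepted": keyed_reader_accepts(later, recorded_keyed, {card_id: key}),
    }


if __name__ == "__main__":
    print(replay_outcomes())
```

The keyed design here authenticates the card only; the ID still travels in the clear, and restricting the card to trusted readers would additionally require the reader to prove knowledge of a key before the card answers.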