lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue Jun 27 06:12:51 2006
From: michaelslists at gmail.com (mikeiscool)
Subject: Sniffing RFID ID's ( Physical Security )

On 6/27/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> > eh?
> >
> > surely a RFID would only communicate it's private token with a trusted
> > (i.e. keyed) source.
> >
> > like a smartcard ...
>
> Well.. Yeah.  That *would* make sense.
>
> Unfortunately, some beancounter would likely realize they can shave $0.02 per
> card by doing it the easy way, or that they can save $40K by hiring a
> bonehead designer rather than a clued crypto geek.
>
> If all software was actually designed and implemented to the "Surely it would"
> standard, most of the people on this list, both black and white hats, would
> be unemployed.  Fortunately for our collective ability to cover our rent checks,
> almost all software has "Surely they *didn't*" flaws in it....

hang on,

does that make me a clued crypto geek? i better ask for a raise ...

but anyway; the op was asking for suggestions; my suggestion is to do
what i said. if someone is trying to make rfids secure; why not follow
the smartcard format?

-- mic

Powered by blists - more mailing lists