lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 27 06:12:51 2006 From: michaelslists at gmail.com (mikeiscool) Subject: Sniffing RFID ID's ( Physical Security ) On 6/27/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote: > On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said: > > eh? > > > > surely a RFID would only communicate it's private token with a trusted > > (i.e. keyed) source. > > > > like a smartcard ... > > Well.. Yeah. That *would* make sense. > > Unfortunately, some beancounter would likely realize they can shave $0.02 per > card by doing it the easy way, or that they can save $40K by hiring a > bonehead designer rather than a clued crypto geek. > > If all software was actually designed and implemented to the "Surely it would" > standard, most of the people on this list, both black and white hats, would > be unemployed. Fortunately for our collective ability to cover our rent checks, > almost all software has "Surely they *didn't*" flaws in it.... hang on, does that make me a clued crypto geek? i better ask for a raise ... but anyway; the op was asking for suggestions; my suggestion is to do what i said. if someone is trying to make rfids secure; why not follow the smartcard format? -- mic
Powered by blists - more mailing lists