Thursday March 13, 2008 Dave's Bit Bucket
Dave Walker's jottings - mostly pertaining to security
Thursday March 13, 2008 Mifare Classic, the budget RFID card which uses the proprietary Crypto1 algorithm, has been cracked.
While I'm not that surprised that the crack has been achieved, especially given what the disclosure paper says, it would appear that the researchers went to lengths the likes of which I've only seen Ross Anderson and his electron microscope- (and laser-) wielding friends go to, before. In particular, deducing the algorithm by 3D modelling of the silicon from electron micrographs, in order to produce the gate pattern, is a new one on me.
Well done to the team involved, especially over their care to state that only Classic, rather than other Mifare products, are associated with the crack, and that some simple changes to Classic would mitigate against their attack method.
Still, once again, they have proved that if a user has physical control over a device and its operating environment, DRM is a non-starter.
(2008-03-13 09:39:16.0) Permalink Comments [1]
Trackback URL: http://blogs.sun.com/davew/entry/mifare_classic_cracked
Post a Comment:
Calendar
| « November 2009 | ||||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 | ||||||
| Today | ||||||
RSS Feeds
All
/Cooking
/General
/Java
/Networking
/Security
FYI the first announcement was made during the annual "security conference" 24C3 in Berlin.
A video is available at the conference's website: http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html
I can recommend watching it!
Posted by MS on March 13, 2008 at 07:35 PM GMT #