Re: Sniffing RFID ID's ( Physical Security )

[mikeiscool <michaelslists () gmail com>]

On 6/27/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> > eh?
> >
> > surely a RFID would only communicate it's private token with a trusted
> > (i.e. keyed) source.
> >
> > like a smartcard ...
>
> Well.. Yeah.  That *would* make sense.
>
> Unfortunately, some beancounter would likely realize they can shave $0.02 per
> card by doing it the easy way, or that they can save $40K by hiring a
> bonehead designer rather than a clued crypto geek.
>
> If all software was actually designed and implemented to the "Surely it would"
> standard, most of the people on this list, both black and white hats, would
> be unemployed.  Fortunately for our collective ability to cover our rent checks,
> almost all software has "Surely they *didn't*" flaws in it....

hang on,

does that make me a clued crypto geek? i better ask for a raise ...

but anyway; the op was asking for suggestions; my suggestion is to do
what i said. if someone is trying to make rfids secure; why not follow
the smartcard format?

-- mic

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/