Google Site Search


Friday, January 25, 2008

New $2B Dutch Transport Card is Insecure

Ed Felten in his blog entry "New $2B Dutch Transport Card is Insecure" writes about the Dutch Transportation Card that is supposed to be insecure.

The problem is highlighted in the following statement:
Unfortunately the designers of Mifare Classic did not follow this principle. Instead, they chose to combine a secret algorithm with a relatively short 48-bit key. This is a problem because once you know the algorithm it’s possible for an attacker to search the entire 48-bit key space, and therefore to forge cards, in a matter or days or weeks. With 48 key bits, there are only about 280 trillion possible keys, which sounds like a lot to the person on the street but isn’t much of a barrier to today’s computers.

An extremely healthy discussion is going on in the comments section of the afore-mentioned blog post of Ed.

No comments: