|
Full Disclosure
mailing list archives
Re: Sniffing RFID ID's ( Physical Security )
From: mikeiscool <michaelslists () gmail com>
Date: Tue, 27 Jun 2006 15:12:44 +1000
On 6/27/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard ...
Well.. Yeah. That *would* make sense.
Unfortunately, some beancounter would likely realize they can shave $0.02 per
card by doing it the easy way, or that they can save $40K by hiring a
bonehead designer rather than a clued crypto geek.
If all software was actually designed and implemented to the "Surely it would"
standard, most of the people on this list, both black and white hats, would
be unemployed. Fortunately for our collective ability to cover our rent checks,
almost all software has "Surely they *didn't*" flaws in it....
hang on,
does that make me a clued crypto geek? i better ask for a raise ...
but anyway; the op was asking for suggestions; my suggestion is to do
what i said. if someone is trying to make rfids secure; why not follow
the smartcard format?
-- mic
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
Intro
