See:
- posted
19 years ago
See:
Alarmist reporting. They're confusing the general catagory of RFID with questions of exactly what crypographic validation may or may not be being used across that channel.
Bah. Humbug.
more of a theoretical vulnerability than a practical problem. The TI device uses a challenge/response system where the reader sends a challange to the I-button which calculates a response using its built in secret 40 bit key. The reader uses its own copy of the key to calculate what the response to the challenge should be and checks for a match. The algorithm is public knowledge and the security is in the key. Cracking the system involves collecting a number of challenge/response samples and searching the 40 bit keyspace (about a billion combinations) with each challenge taking about 0.1 seconds. Access, or at least proximity, to the key is required and the mechanical lock is still there. The RF keys used in some office buildings could be compromised by a crook with a directional antenna and a reader, but most of these systems use a PIN number as well.
more of a theoretical vulnerability than a practical problem. The TI device uses a challenge/response system where the reader sends a challange to the transponder which calculates a response using its built in secret 40 bit key. The reader uses its own copy of the key to calculate what the response to the challenge should be and checks for a match. The algorithm is public knowledge and the security is in the key. Cracking the system involves collecting a number of challenge/response samples and searching the 40 bit keyspace (about a billion combinations) with each challenge taking about 0.1 seconds. Access, or at least proximity, to the key is required during collection of the challenge/response samples and the mechanical lock is still there. The RF keys used in some office buildings could be compromised by a crook with a directional antenna and a reader, but most of these systems use a PIN number as well.
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.