For Securilock Cracked

Alarmist reporting. They're confusing the general catagory of RFID with questions of exactly what crypographic validation may or may not be being used across that channel.

Bah. Humbug.

more of a theoretical vulnerability than a practical problem. The TI device uses a challenge/response system where the reader sends a challange to the I-button which calculates a response using its built in secret 40 bit key. The reader uses its own copy of the key to calculate what the response to the challenge should be and checks for a match. The algorithm is public knowledge and the security is in the key. Cracking the system involves collecting a number of challenge/response samples and searching the 40 bit keyspace (about a billion combinations) with each challenge taking about 0.1 seconds. Access, or at least proximity, to the key is required and the mechanical lock is still there. The RF keys used in some office buildings could be compromised by a crook with a directional antenna and a reader, but most of these systems use a PIN number as well.

more of a theoretical vulnerability than a practical problem. The TI device uses a challenge/response system where the reader sends a challange to the transponder which calculates a response using its built in secret 40 bit key. The reader uses its own copy of the key to calculate what the response to the challenge should be and checks for a match. The algorithm is public knowledge and the security is in the key. Cracking the system involves collecting a number of challenge/response samples and searching the 40 bit keyspace (about a billion combinations) with each challenge taking about 0.1 seconds. Access, or at least proximity, to the key is required during collection of the challenge/response samples and the mechanical lock is still there. The RF keys used in some office buildings could be compromised by a crook with a directional antenna and a reader, but most of these systems use a PIN number as well.