One (perhaps already reported) security hole in RFIDs [priv]

[Declan McCullagh <declan () well com>]

-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security breaches?
Date: Fri, 15 Jul 2005 23:28:12 -0700
From: Hal Murray <hmurray () suespammers org>
To: declan () well com
CC: Richard M. Smith <rms () computerbytesman com>,        Hal Murray 
<hmurray () suespammers org>

Feeding >RFID crack< to google gets some interesting answers.

I don't remember seeing this mentioned in Politech (or anywhere else):

The RFID/DST scheme has been cracked.  Press Release is dated 29-Jan-2005.

http://rfidanalysis.org/
http://www.jhu.edu/news_info/news/home05/jan05/rfid.html

It's used by:
  150 million vehicle immobilizer keys (including 2005 Fords)
  Exxon Mobil Speedpass
    seven million cryptographically-enabled keychain tags
    10,000 locations worldwide

That scheme uses 40 bit keys.  Obviously weak by today's standards.
But it's shipping on 2005 Fords so somebody obviously didn't do their
homework.

They used a bank of FPGAs to speed up brute force key search.
  2 weeks to find a key when running on 10 very fast PCs.
  16 FPGSs got 5 keys in well under 2 hours.
(Doesn't look critical, but probably lots of fun and a good way to get grad
students working on the project.)

The FAQ mentions lack of public scrutiny.  That seems to confirm my 
security-by-obscurity feelings for the new RFID-CC scheme.


--
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other 
addresses.
These are my opinions, not necessarily my employer's.  I hate spam.



_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)