Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of law, culture, technology, and politics. Since 2000, so has the Politech web site.
One (perhaps already reported) security hole in RFIDs
-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security breaches?
Date: Fri, 15 Jul 2005 23:28:12 -0700
From: Hal Murray <hmurray@suespammers.org>
To: declan@well.com
CC: Richard M. Smith <rms@computerbytesman.com>, Hal Murray
<hmurray@suespammers.org>
Feeding >RFID crack< to Google gets some interesting answers.
I don't remember seeing this mentioned in Politech (or anywhere else):
The RFID/DST scheme has been cracked. Press Release is dated 29-Jan-2005.
http://rfidanalysis.org/
http://www.jhu.edu/news_info/news/home05/jan05/rfid.html
It's used by:
150 million vehicle immobilizer keys (including 2005 Fords)
Exxon Mobil Speedpass
seven million cryptographically-enabled keychain tags
10,000 locations worldwide
That scheme uses 40 bit keys. Obviously weak by today's standards.
But it's shipping on 2005 Fords so somebody obviously didn't do their
homework.
They used a bank of FPGAs to speed up brute force key search.
2 weeks to find a key when running on 10 very fast PCs.
16 FPGAs got 5 keys in well under 2 hours.
(Doesn't look critical, but probably lots of fun and a good way to get grad
students working on the project.)
The FAQ mentions lack of public scrutiny. That seems to confirm my
security-by-obscurity feelings for the new RFID-CC scheme.
--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other
addresses.
These are my opinions, not necessarily my employer's. I hate spam.
Posted by Declan McCullagh on Jul 17, 2005
in category privacy
The Politech general information pages and photographs are copyrighted by Declan McCullagh. Original posts distributed to the mailing list are licensed under a Creative Commons License.
