[Politech] One (perhaps already reported) security hole in RFIDs [priv]

From: Declan McCullagh (declan@private)
Date: Sat Jul 16 2005 - 23:02:55 PDT

-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security breaches?
Date: Fri, 15 Jul 2005 23:28:12 -0700
From: Hal Murray <hmurray@private>
To: declan@private
CC: Richard M. Smith <rms@private>,        Hal Murray 

Feeding >RFID crack< to google gets some interesting answers.

I don't remember seeing this mentioned in Politech (or anywhere else):

The RFID/DST scheme has been cracked.  Press Release is dated 29-Jan-2005.


It's used by:
   150 million vehicle immobilizer keys (including 2005 Fords)
   Exxon Mobil Speedpass
     seven million cryptographically-enabled keychain tags
     10,000 locations worldwide

That scheme uses 40 bit keys.  Obviously weak by today's standards.
But it's shipping on 2005 Fords so somebody obviously didn't do their

They used a bank of FPGAs to speed up brute force key search.
   2 weeks to find a key when running on 10 very fast PCs.
   16 FPGSs got 5 keys in well under 2 hours.
(Doesn't look critical, but probably lots of fun and a good way to get grad
students working on the project.)

The FAQ mentions lack of public scrutiny.  That seems to confirm my 
security-by-obscurity feelings for the new RFID-CC scheme.

The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other 
These are my opinions, not necessarily my employer's.  I hate spam.

Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

This archive was generated by hypermail 2.1.3 : Sat Jul 16 2005 - 23:32:11 PDT