Fwd: New results against the Mifare cipher

[Arshad Noor <arshad.noor@strongauth.com>]

This is what happens when governments give out contracts 
without a public review and discussion of the security 
architecture of multi-billion dollar projects.  

Given that people in the security field have a penchant for 
voicing their opinions - ;-) - it amazes me that government 
agencies do not take advantage of the free reviews they can
get for an IT project before awarding the contract; all they 
have to do is post it to one of the security/crypto forums
and ask for an opinion!

Arshad Noor
StrongAuth, Inc.

----- Forwarded Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com
Sent: Thursday, April 17, 2008 1:21:28 AM (GMT-0800) America/Los_Angeles
Subject: New results against the Mifare cipher

  http://eprint.iacr.org/2008/166

  Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster
  Cards

  Nicolas T. Courtois and Karsten Nohl and Sean O'Neil

  MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card,
  Netherland's OV-Chipcard, US Boston's CharlieCard, and in numerous wireless
  access control and ticketing systems worldwide. Recently, researchers have
  been able to recover this algorithm by reverse engineering.

  We have examined MiFare from the point of view of the so called "algebraic
  attacks". We can recover the full 48-bit key of MiFare algorithm in 200
  seconds on a PC, given 1 known IV (from one single encryption).

  The security of this cipher is therefore close to zero. This is particularly
  shocking, given the fact that, according to the Dutch press, 1 billion of
  MiFare Classic chips are used worldwide, including in many governmental
  security systems.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com