> How much security can you put into a plastic card, the size of a > credit card, that has to perform its function in a secure manner, all > in under 2 seconds (in under 1 second in parts of Asia)? And it has to > do this while receiving its power via the electromagnetic field being > generated by the reader.
The 24C3 presenters to their credit made this exact point. But mixing the 16-bit nonce with the card identifier was an optimization too far. That said, it's a hard problem. Inside Picopass is one of many examples that progress is possible. IMHO as always. Cheers, Scott --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
