Perry E. Metzger wrote:
Nothing terribly new here -- short interview with someone who bought
an RFID credit card reader on ebay for $8 and demonstrates getting
people's credit card information at short distances using it. Still,
it is interesting to see how trivial it is to do.

Yeah, but...

He's talking bollocks when he says that the decryption should be done in some secure datacentre. That wouldn't save you unless there was some kind of handshake with the card - and the trouble is, those cards don't have the power to do any real crypto.

In the absence of something to prevent MitM, you would just intercept the encrypted contents of the card, and then use that. So why bother to encrypt it?

So, the bottom line is you need more horsepower in the gadget that controls your money, so you can do real crypto.

Then we get to the next problem: we don't trust the device with the keypad and display. So, we need to add that to the GTCYM (Gadget That Controls Your Money).

And so we end up at the position that we have ended up at so many times before: the GTCYM has to have a decent processor, a keyboard and a screen, and must be portable and secure.

One day we'll stop concluding this and actually do something about it.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to