RE: [Muscle] smartcard operating system replacement

Thu, 14 Aug 2003 11:23:17 -0700 

A cookie jar is not a bank.  A cookie jar is not a bank.  A cookie jar is not a bank.
 
We have to get over the notion that all smart cards have to be built for
the most secure application.
 
A cookie jar is a fine place to keep some money ... for some amounts of money.
 
A Funcard is a fine smart card ... for some smart card applications.  
 
You want to turn loose your electron microscope to find out my current
rating in Wizards of Zoron, have a good time.
 
There are 1,000's of smart card applications that can be implemented
on smart cards that neither Canal Plus or Visa would approve.  There's
lots of perfectly useful cryptography that these folks won't use either.
 
A smart card consisting of a PIC chip glued to a piece of cardboard is
a perfectly fine smart card ... for  some applications.
 
IMHO, as always.
 
Cheers, Scott

        -----Original Message----- 
        From: Jim Rees [mailto:[EMAIL PROTECTED] 
        Sent: Thu 8/7/2003 3:03 PM 
        To: [EMAIL PROTECTED] 
        Cc: 
        Subject: Re: [Muscle] smartcard operating system replacement 
        
        

        The Funcard is not a smartcard.  The Funcard is not a smartcard.  The
        Funcard is not a smartcard.
        
        You can use it to debug and test your smartcard applications, but it does
        not have the tamper resistance of a real smartcard.  The whole point of
        carrying a smartcard is that if someone steals it, they can't extract the
        keys, and they can't use it without a PIN.  The Funcard is just a small
        computer with a 7816 interface and no more tamper resistance than a
        Palmpilot.
        
        I have no opinions on Atmel programmers.  I would choose the one that has
        the best documentation and the best linux support.  Beware of programmers
        that come with a Windows app and nothing else.  You can't use a standard
        smartcard reader to program an Atmel chip.
        
        As for the dangers of playing with smartcards, they are real.  DirecTV has
        apparently used customer lists of some of these manufacturers to pick on
        people.  Assuming you aren't stealing service, you should be able to win in
        court, but it will cost you so much to defend yourself that it won't really
        matter whether you "win" or "lose."  I'm not worried myself because I work
        for a University research lab, but if you are on your own and don't have a
        legal staff, you will have to assess the risk for yourself.
        _______________________________________________
        Muscle mailing list
        [EMAIL PROTECTED]
        http://lists.musclecard.com/mailman/listinfo/muscle
        


_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle

Reply via email to