On Thu, 19 May 2011 06:21:08 +0100, Hans Georg Schaathun wrote:

> : Are you talking about the Mayfair classical cipher here?
>
> I am talking about the system used in public transport cards like Oyster
> and Octopus. I am not sure how classical it is, or whether
> mayfair/mayfare referred to the system or just a cipher.

I think Geremy is talking about the Playfair cipher:

http://en.wikipedia.org/wiki/Playfair_cipher

> Any way, it was broken, and it took years.

You don't know that. All you know is that it took years for people to realise that it had been broken, when a security researcher publicly announced the MIFARE cipher had been broken.

If criminals had broken the cipher, they would have had no incentive to publicize the fact, and the companies running Oyster and similar ticketing schemes would have no incentive to admit they were broken. Far from it: all the incentives are against disclosure. So it's possible that Oyster cards have been counterfeited for years without anyone but the counterfeiters, and possibly the Oyster card people themselves, knowing.

The real barrier to cracking Oyster cards is not that the source code is unavailable, but that the intersection of the set of those who know how to break encryption, and the set of those who want to break Oyster cards, is relatively small. I don't know how long it took to break the encryption, but I'd guess that it was probably a few days of effort by somebody skilled in the art.

http://www.usenix.org/events/sec08/tech/full_papers/nohl/nohl_html/index.html

--
Steven