Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered
Moin, Am Tue, 15 Jan 2008 12:28:37 + schrieb Steven J. Murdoch: There is some confusion on the cryptography mailing list over whether the Crypto1 encryption algorithm which you reverse engineered is the same as the Hitag 2 one. NXP don't help things by branding both as Mifare. http://www.mail-archive.com/cryptography@metzdowd.com/msg08478.html It would help to clarify things if you sent a mail to that list saying whether or not the code mentioned in the above email is equivalent to Crypto1. No it's not. http://cryptanalysis.eu/blog/2007/12/29/mifare-crypto1/#comment-391 Karsten also said that though Hitag2 similar in structure to Crypto1, the former is less complex, and may be a predecessor or something. -- Henryk Plötz Grüße aus Berlin ~~ Help Microsoft fight software piracy: Give Linux to a friend today! ~ pgpIJqe3GDfEL.pgp Description: PGP signature
Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered
* markus reichelt [EMAIL PROTECTED] wrote: * Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote: My colleague Erik took photos of the slides which I put up on Zooomr [0]. A video recording of the talk should be available shortly and will be linked here. preliminary link for the video: it's now on google video: http://video.google.com/videoplay?docid=4252367680974396650hl=en -- left blank, right bald pgpBRBw8UbzJ3.pgp Description: PGP signature
Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered
The 48-bit Philips Hitag2 algorithm has been completely reverse- engineered a long time ago: http://cryptolib.com/ciphers/hitag2/ Ruptor - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered
* Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote: My colleague Erik took photos of the slides which I put up on Zooomr [0]. A video recording of the talk should be available shortly and will be linked here. preliminary link for the video: http://stan.freitagsrunde.org/mirror/24c3/matroska/24c3-2378-en-mifare_security.mkv -- left blank, right bald pgpEBaezFdod1.pgp Description: PGP signature
Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered
From http://cryptanalysis.eu/blog/2007/12/29/mifare-crypto1: MiFare’s CRYPTO1 stream cipher has captured my attention for a while. However, hardware reverse-engineering is not a field I actively engage in. So I was very happy when Karsten Nohl (University of Virginia), Starbug and Henryk Plötz gave a talk at the 24C3 [the 24th Congress of the Chaos Computer Club taking place in Berlin at this very moment] yesterday evening showing that they have reverse-engineered most parts of this cipher. CRYPTO1 uses a 48-bit LFSR-based filter generator to generate key stream. The filter function - if I understood correctly - uses 20 taps (this was not mentioned in the talk, I asked Karsten privately about this) however the degree of the boolean function implementing the filter, thus it remains to be seen whether algebraic attacks can be applied. Even if no algebraic attacks are applied, a BSW sampling TMTO will break CRYPTO1 completely. This was pretty obvious before they gave their talk, but now vendors actually have to worry about this being out in the wild once the feedback and the filter function have been revealed. My colleague Erik took photos of the slides which I put up on Zooomr [0]. A video recording of the talk should be available shortly and will be linked here. [0] http://www.zooomr.com/photos/ralf/sets/26758/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]