RE: Dutch Transport Card Broken

2008-01-29 Thread Crawford Nathan-HMGT87
Why require contactless in the first place? Is swiping one's card, credit-card style too difficult for the average user? I'm thinking two parallel copper traces on the card could be used to power it for the duration of the swipe, with power provided by the reader. Why, in a billion-dollar

RE: Dutch Transport Card Broken

2008-01-30 Thread Crawford Nathan-HMGT87
Folks on this list and its progenitors have long noted that cryptography is a matter of economics. Agreed, but using an insecure technology doesn't make sense from even an economic perspective. They spent enough money that they could have implemented a secure system, but instead, made two

RE: Designing and implementing malicious hardware

2008-04-26 Thread Crawford Nathan-HMGT87
I suppose Ken Thompson's, Reflections on Trusting Trust is appropriate here. This kind of vulnerability has been known about for quite some time, but did not have much relevance until the advent of ubiquitous networking. - The