AOH :: PT-1058.HTM

One (perhaps already reported) security hole in RFIDs

One (perhaps already reported) security hole in RFIDs
One (perhaps already reported) security hole in RFIDs

-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security breaches?
Date: Fri, 15 Jul 2005 23:28:12 -0700
From: Hal Murray  
CC: Richard M. Smith , Hal Murray 

Feeding >RFID crack< to google gets some interesting answers.

I don't remember seeing this mentioned in Politech (or anywhere else):

The RFID/DST scheme has been cracked.  Press Release is dated 29-Jan-2005. 

It's used by:
   150 million vehicle immobilizer keys (including 2005 Fords)
   Exxon Mobil Speedpass
     seven million cryptographically-enabled keychain tags
     10,000 locations worldwide

That scheme uses 40 bit keys.  Obviously weak by today's standards.
But it's shipping on 2005 Fords so somebody obviously didn't do their

They used a bank of FPGAs to speed up brute force key search.
   2 weeks to find a key when running on 10 very fast PCs.
   16 FPGSs got 5 keys in well under 2 hours.
(Doesn't look critical, but probably lots of fun and a good way to get grad
students working on the project.)

The FAQ mentions lack of public scrutiny.  That seems to confirm my 
security-by-obscurity feelings for the new RFID-CC scheme.

The mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my address or any of my other 
These are my opinions, not necessarily my employer's.  I hate spam.

Politech mailing list
Archived at 
Moderated by Declan McCullagh ( 

Make REAL money with your website!

The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to