Re: Philips CRYPTO1 Algorithm



On Tue, 28 Mar 2006 13:59:12 -0800, dontbovver wrote:

> My boss is thinking of using Mifare cards for a secure access system,
> I'm meant to be looking into this. Mifare seems to use a proprietary
> algorithm in its Mifare cards called CRYPTO1. I can't find any specs on
> this and was wondering if anyone had done any analysis of it to see how
> secure it is.

Google is your friend.

This might not be, however: <http://www.cl.cam.ac.uk/~gh275/relay.pdf>

AFAICT the "Mifare" bit is the physical / datalink specification - these
cards are contactless and use some kind of inductive pickup system. The
CRYPTO1 part is the cipher.

One report says this might be triple-DES in disguise. The consensus seems
to be that it's a Philips-proprietary stream cipher. If it's the latter
I'd avoid it - proprietary ciphers generally range from dubious to
shockingly bad, and stream ciphers are tricky to use securely. Come to
that, if it's the former I'd still avoid it if I could - IMHO triple-DES
is OK for legacy compatibility but has no place in a new system. I
don't see anything about authenticity verification for the enciphered
data stream, which would concern me.

HTH

Will.
