“If you do rely on Mifare security for ANYTHING, start migrating”
“You can do it in your kitchen” Karsten Nohls presentation at CCC was rather cool
Not all Mifare tags are broken. Mifare Classic is now hacked. Philips has Mifare versions that are notcracked yet. They are based on triple DES.
fake 32 bit security (16 bits x 2)
"So that's basically the random number and the challenge response (is) completely broken. Not by us but by design."
Nohls: “If that weren't the case, 16 bit random numbers means you listen in on 128 transactions and then, after (...) another 128, you see one of the challenges again. So without any control over the randomness here, you WILL break it in minutes."