Group Demonstrates Security Hole in World’s Most Popular Smartcard
26 February 2008UVaToday has an article about Karsten Nohl’s work on reverse engineering the cryptographic algorithms on the Mifare Classic RFID tag:
… The idea of keeping secret the design of a security system is known in the trade as “security by obscurity.” It almost never works; the secret invariably leaks out and then the security is gone, Evans and Nohl said.
As a result, most security professionals espouse Kerckhoffs Principle — first published by the Dutch cryptographer Auguste Kerckhoffs in 1883 — the idea that the design of all security systems should be fully public, with the security dependent only on a secret key. Public review of security designs also tends to catch flaws during the design process, rather than after the flaws are inherent in expensive systems, such as in the Netherlands transit system, noted Nohl and Evans.
… If more consumers understand the fundamental flaw of “proprietary security algorithms” and other marketing-speak that touts what amounts to security by obscurity, then manufacturers may start opening up more of their security designs to the light of public scrutiny, which will ultimately result in better security in our digital age.
Full article: Group Demonstrates Security Hole in World’s Most Popular Smartcard, UVaToday, February 26, 2008.