Re: Weaknesses in Smart Cards? (Re: FLA_wed)
At 2:21 AM 9/26/96, Timothy C. May wrote: ...
Strip-back of the outer packaging is possible, of course. I'd need to know a lot more about the packaging used by VISA and other smartcard makers to know how economical this would be. (Breaking any single card is not necessarily a financial windfall, if the card has a limit, for example. This puts a limit on how much $$$ can be spent on cracking a chip.)
As best I can figure, extracting the secret from a Mondex card gives you not merely the money from the card, but the "digital plates" with which to mint arbitrarily much more money. I only say this because the only protocol the I can think of that fits what we do know of Mondex has this problem. This fault does not plague Chaum cash. I don't know how to code the card application so that a transient errors won't just occasionally cause the secret to be exported. Then again that may be possible to code it for "fail safe". If it were my money backing the Mondex cards, I would want to know how it worked.
As best I can figure, extracting the secret from a Mondex card gives you not merely the money from the card, but the "digital plates" with which to mint arbitrarily much more money. I only say this because the only protocol the I can think of that fits what we do know of Mondex has this problem. This fault does not plague Chaum cash.
There is no way to know for sure, since Mondex won't release the specs, but just about everybody I talk with that knows at least something about their system agrees that if you crack a Mondex card, you will likely be able to mint money. Since Mondex allows transfers from card to card to card, it may be a long time indeed before the breech is disovered. If I were a Mondex issuer, I would be worried. Very worried. --Lucky
participants (2)
-
Lucky Green -
norm@netcom.com