On 19 May 2011 08:47:28 GMT, Steven D'Aprano <steve+comp.lang.pyt...@pearwood.info> wrote: : The real barrier to cracking Oyster cards is not that the source code is : unavailable, but that the intersection of the set of those who know how : to break encryption, and the set of those who want to break Oyster cards, : is relatively small. I don't know how long it took to break the encryption, : but I'd guess that it was probably a few days of effort by somebody : skilled in the art. : : http://www.usenix.org/events/sec08/tech/full_papers/nohl/nohl_html/index.html
In that paper, more than one art seem to have been applied. An open design would have eliminated the need for image analysis and reduced the requirement on hardware/electronics skills. Hence, the obfuscation has made that intersection you talk about smaller, and increased the cost of mounting the attack. As the system was broken anyway, it is hardly a victory for obfuscation, but that's beside the point. The work of that paper is almost certainly more than just «a few days of effort». There are simply to many technical issues to tackle, and they must be tackled one by one. The cost of mounting the attack is to figure out what it takes to do it, before spend the resources barking up the wrong tree. For each successful attack, there probably is a number of failed ones. Thanks for the reference. BTW. That's not the only attack on MIFARE. I cannot remember the details of the other. -- :-- Hans Georg -- http://mail.python.org/mailman/listinfo/python-list
