This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Blog Entries Tagged cryptography

Schneier on Security

Blog > Entries by Tag >

Entries Tagged “cryptography”

Page 32 of 44

KeeLoq Still Broken

That's the key entry system used by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Lexus, Volvo, Volkswagen, Jaguar, and probably others. It's broken:

The KeeLoq encryption algorithm is widely used for security relevant applications, e.g., in the form of passive Radio Frequency Identification (RFID) transponders for car immobilizers and in various access control and Remote Keyless Entry (RKE) systems, e.g., for opening car doors and garage doors.

We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq. These so-called side-channel attacks are based on measuring and evaluating the power consumption of a KeeLoq device during its operation. Using our techniques, an attacker can reveal not only the secret key of remote controls in less than one hour, but also the manufacturer key of the corresponding receivers in less than one day. Knowing the manufacturer key allows for creating an arbitrary number of valid new keys and generating new remote controls.

We further propose a new eavesdropping attack for which monitoring of two ciphertexts, sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.), is sufficient to recover the device key of the remote control. Hence, using the methods described by us, an attacker can clone a remote control from a distance and gain access to a target that is protected by the claimed to be "highly secure" KeeLoq algorithm.

We consider our attacks to be of serious practical interest, as commercial KeeLoq access control systems can be overcome with modest effort.

I've written about this before, but the above link has much better data.

EDITED TO ADD (4/4): A good article.

Posted on April 4, 2008 at 6:03 AMView Comments

Martin Hellman on the Invention of Public-Key Cryptography

At the DISI conference last December, Martin Hellman gave a lecture on the invention of public-key cryptography. A video is online (it's hard to find, search for his name), along with PowerPoint slides.

(Unfortunately, the video isn't set up for streaming; in order to view the it, you'll have to download the ten files, then use a fairly recent version of WinZip to concatenate the files.)

EDITED TO ADD (3/26): Now on Google Video.

Posted on March 25, 2008 at 1:21 PMView Comments

Quantum Computing: Hype vs. Reality

Really good blog post on the future potential of quantum computing and its effects on cryptography:

To factor a 4096-bit number, you need 72*4096^3 or 4,947,802,324,992 quantum gates. Lets just round that up to an even 5 trillion. Five trillion is a big number. We're only now getting to the point that we can put about that many normal bits on a disk drive. The first thing this tells me is that we aren't going to wake up one day and find out that someone's put that many q-gates on something you can buy from Fry's from a white-box Taiwanese special.

Posted on March 23, 2008 at 6:29 AMView Comments

London Tube Smartcard Cracked

Looks like lousy cryptography.

Details here. When will people learn not to invent their own crypto?

Note that this is the same card -- maybe a different version -- that was used in the Dutch transit system, and was hacked back in January. There's another hack of that system (press release here, and a video demo), and many companies -- and government agencies -- are scrambling in the wake of all these revelations.

Seems like the Mifare system (especially the version called Mifare Classic -- and there are billions out there) was really badly designed, in all sorts of ways. I'm sure there are many more serious security vulnerabilities waiting to be discovered.

Posted on March 14, 2008 at 7:27 AMView Comments

Cryptanalysis of A5/1

There have been a lot of articles about the new attack against the GSM cell phone encryption algorithm, A5/1. In some ways, this isn't real news; we've seen A5/1 cryptanalysis papers as far back as ten years ago.

What's new about this attack is: 1) it's completely passive, 2) its total hardware cost is around $1,000, and 3) the total time to break the key is about 30 minutes. That's impressive.

The cryptanalysis of A5/1 demonstrates an important cryptographic maxim: attacks always get better; they never get worse. This is why we tend to abandon algorithms at the first sign of weakness; we know that with time, the weaknesses will be exploited more effectively to yield better and faster attacks.

Posted on February 22, 2008 at 6:31 AMView Comments

←Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 Next→

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.