Dear System Integrator,

This letter serves to further inform you on the recent reports concerning the security issues of our MIFARE Classic product.

By letters dated from February 2nd and March 13th 2008 we have informed you already on this subject.

In December 2007 a group of researchers at the 24th Chaos Computer Club in Berlin claimed that they reverse engineered a MIFARE Classic chip and partially discovered the encryption algorithm of the chip. At the same time, they stated that they were not yet able to recover any keys from the chip.

By now, NXP Semiconductors has come to the conclusion that three research groups have recently retrieved the algorithm and developed attacks to break keys of MIFARE Classic-enabled cards within seconds. These are the group around Karsten Nohl, who initially presented the reverse engineering of MIFARE Classic chips in December 2007 at the 24th Chaos Computer Congress in Berlin, the IT security specialists from the Radboud University of Nijmegen as well as Nicolas T. Courtois from the University College London. According to our information the respective research groups plan to publish their findings including the algorithm by fall of this year latest. Although we have clearly explained to those parties the potential risks that such a publication would entail, we do not have proof points that these parties will indeed limit the contents of the publication of their scientific research. Consequently, there is a risk of excessive disclosure, including the full algorithm becoming published within the above mentioned timeframe. Therefore, as we did before, we feel it is appropriate to inform you once more about the potential consequences and necessary measures to be taken to minimize the impact of such eventuality.

We are investigating protection scenarios for systems using MIFARE Classic, in which no effective mechanisms to detect fraudulent cards have been implemented. As before, we will be happy to share our information with you, especially in light of your specific expertise in designing systems. Mindful of the aforementioned, we ask to closely assess your systems. Extensive additional protection mechanisms are recommended, both on how the data on the card is used as well as deploying additional security layers separate from the card.

It is our assessment that for transport ticketing installations, end-to-end security systems can be designed with the MIFARE Classic chip in such a way that the residual risk of fraud not being detected in time can be drastically reduced. Naturally, your risk assessment depends on the assets to be protected and whether the end-to-end system still meets the end customers’ requirements.

End to end measures should also be applied for access management infrastructures, which are often complemented by additional measures e.g. camera surveillance, security personnel, etc. when valuable assets need to be protected. We recommend that your assessment of the impact of the recent and expected developments takes into account the particular way how the system is implemented and used, its relation to other protection in place, and specifically whether there is a need to prevent unauthorized single time access or access during a limited period of time. Depending on the specific situation in existing MIFARE Classic access management infrastructures the usage of more sophisticated card ICs may be an alternative to implementing sufficient countermeasures. DESFire EV1 is our recommended solution for new access management implementations where a strong level of security is required to protect against a one time unauthorised access.

NXP is the industry leader in contactless and security, and presents with the MIFARE portfolio the largest and most competitive offering, which has become the industry’s choice. MIFARE Classic provides a benchmark in cost competitiveness as well as proven contactless performance, while the recently announced MIFARE Plus (available in Q4 2008) enables an optimal future-proof migration path when necessary. Both, MIFARE Plus and our new high-end product MIFARE DESFire EV1 offer strong AES encryption and are targeted to receive the internationally recognized Common Criteria certification.

NXP’s expertise is the design and manufacturing of chips; although we do not design end to end security systems, we would be happy to continuously support you so that the best solutions in the interest of your customers are reached.

If you would have any questions, please contact us at . If, in addition, you would like to be kept informed about the developments in this matter, please send an email to as well. Also, we will be giving updates on the mifare.net website.

Sincerely yours
The NXP MIFARE team