Forum › MIFARE SDK › How to determine the authenticity of a DESFire EV1 card › Reply To: How to determine the authenticity of a DESFire EV1 card
Hi CC,
We have two topics in this thread: protect your data and prevent the theft on one side and avoid issuing inferior products to your end-users on the other side. In both topics it is your natural duty as issuer to do well: prefer strong cipher like AES128 (in contrast to single DES) where data have to be encrypted, use CMAC base signing where data do not need to be encrypted but protected against changing. Use smart cryptographic methods like key diversification to ensure every card uses a unique key (so the master key is never used directly). Protect your reader terminal against attacks where you never store the keys in software, but use a hardware keystore instead where the keys cannot be read-out etc. And at the end: MIFARE products are security relevant products! Therefore never buy MIFARE products from uncertain sources in the net, use always serious distributors and sellers which are well known and have a business tradition.
The MIFARE Team
We have two topics in this thread: protect your data and prevent the theft on one side and avoid issuing inferior products to your end-users on the other side. In both topics it is your natural duty as issuer to do well: prefer strong cipher like AES128 (in contrast to single DES) where data have to be encrypted, use CMAC base signing where data do not need to be encrypted but protected against changing. Use smart cryptographic methods like key diversification to ensure every card uses a unique key (so the master key is never used directly). Protect your reader terminal against attacks where you never store the keys in software, but use a hardware keystore instead where the keys cannot be read-out etc. And at the end: MIFARE products are security relevant products! Therefore never buy MIFARE products from uncertain sources in the net, use always serious distributors and sellers which are well known and have a business tradition.
The MIFARE Team
+ 0
|
- 0