Forum › MIFARE SDK › What's differences are between the TDEA -Desfire and the TDEA-ISO10116(crc16) -k › Reply To: What's differences are between the TDEA -Desfire and the TDEA-ISO10116(crc16) -k
Hi Juha,
The MIFARE DESFire EV1 define three cipher modes: DES/2K3DES (also called as 2TDES), 3K3DES (also called as 3TDES) and AES128. The first DESFire (before EV1) only supports DES/2K3DES. 2K3DES uses two unique keys but 3K3DES three keys.
TDEA-ISO10116 is an international standard for block cipher and the modes.
2K3DES and 3K3DES are enhancements to fix the weakness of the original DES cipher. There exists papers which describes the “effective key length” of 3K3DES is only 112 bit (refer e.g. Wikipedia: https://en.wikipedia.org/wiki/Triple_DES ). If you use for instance 2K3DES in TapLinx, the upper and the lower 8 byte key pair have to be different. But this makes it impossible change the default key (all key pairs zero) as 2K3DES key. Here you have to use 3K3DES to change to a unique value.
With all this restrictions and the general weakness of DES I have one recommendation: if you not have to be compatible to an existing infrastructure, please prefer always AES128!
You use the MIFARE SAM AV2. I would use a host key (for the AuthenticateHost command) an AES192 key.
Regards,
The TapLinx team.
The MIFARE DESFire EV1 define three cipher modes: DES/2K3DES (also called as 2TDES), 3K3DES (also called as 3TDES) and AES128. The first DESFire (before EV1) only supports DES/2K3DES. 2K3DES uses two unique keys but 3K3DES three keys.
TDEA-ISO10116 is an international standard for block cipher and the modes.
2K3DES and 3K3DES are enhancements to fix the weakness of the original DES cipher. There exists papers which describes the “effective key length” of 3K3DES is only 112 bit (refer e.g. Wikipedia: https://en.wikipedia.org/wiki/Triple_DES ). If you use for instance 2K3DES in TapLinx, the upper and the lower 8 byte key pair have to be different. But this makes it impossible change the default key (all key pairs zero) as 2K3DES key. Here you have to use 3K3DES to change to a unique value.
With all this restrictions and the general weakness of DES I have one recommendation: if you not have to be compatible to an existing infrastructure, please prefer always AES128!
You use the MIFARE SAM AV2. I would use a host key (for the AuthenticateHost command) an AES192 key.
Regards,
The TapLinx team.
+ 0
|
- 0