From: norm@netcom.com (Norman Hardy)
Date: Wed, 2 Oct 1996 14:32:00 +0800
To: cypherpunks@toad.com
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
Message-ID: <ae778e7901021004910d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:21 AM 9/26/96, Timothy C. May wrote:
...
>Strip-back of the outer packaging is possible, of course. I'd need to know
>a lot more about the packaging used by VISA and other smartcard makers to
>know how economical this would be. (Breaking any single card is not
>necessarily a financial windfall, if the card has a limit, for example.
>This puts a limit on how much $$$ can be spent on cracking a chip.)

As best I can figure, extracting the secret from a Mondex card gives you not
merely the money from the card, but the "digital plates" with which to mint
arbitrarily much more money. I only say this because the only protocol the
I can think of that fits what we do know of Mondex has this problem. This fault
does not plague Chaum cash.

I don't know how to code the card application so that a transient errors
won't just occasionally cause the secret to be exported. Then again that
may be possible to code it for "fail safe". If it were my money backing
the Mondex cards, I would want to know how it worked.