Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Could anyone explain to me the vulnerability of Mifare Classic with AES-128 bit key diversification? Do Mifare Classic chips protect against cloning?
First of all, Mifare Classic does not use AES encription algorithm. NXP decided to use Crypto-1 instead. Unfortunately they made a serious mistake with implementation of the internal Random Number Generator so that it is possible to predict first 12 bits of total 48 bits of session key. The rest can be cracked by brute force and air traffic analyses within a reasonable period of time.
NXP strongly advises to not use Mifare Classic in new projects. Instead, it is recomended to use UltralightC or DesFire EV1. Those cards can communicate using AES encription (DES, 3DES, 3KDES are also avaliable). Until now, DesFire EV1 has not been cracked. Previous versions of DesFire were broken in research labs by power consumption analyses. EV1 is protected against this method of attack.
Regarding the cloning - it is not possible to copy the contents of a card and paste it directly to another one, as each card have different UID that cannot be altered, so it will not be an exact copy. If the attacked system is checking UID, then the cloned card will not work. But it is possible to build device which will simulate a Mifare card (in this case it is possible to set any UID).
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
Is GPS data signed and timestamped by the satellite?
No, GPS is not signed. I think there may be in future some signed signals. Maybe it is used on military part of GPS.
GPS spoofing is a well know problem, and problems are usually "solved" in hardware. If signal strength on some satellites changes quickly: do no trust it. Multiple antenna (on extreme of lorry/ship) and comparing strength of signal helps. Some directional antenna helps to know that signal expected from a satellite come from where it is expected. And often some gyroscope, compass, or and tracking, to check plausibility of data.
Note: fishing boat uses it to decoy own position (in protected area/economic exclusive zones). They causes a lot of troubles to other ships and boats (and sometime to ground equipment).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a plain text and its cypher text. I know that the algorithm used was MD5. I want to break all cypher texts that are produced using the same algorithm.
Is there any way to do so?
Kerckhoffs's Principle applies here. Knowing the mathematics, and the interaction between the plaintext and ciphertext, will not let you break the MD5 hashing algorithm.
This is due to Shannon's principles of cryptography, outlined in 1945, "Confusion and Diffusion". In simple terms, this means that any even reasonably good encryption algorithm does not show a clear relationship between the cleartext and the ciphertext.
The short answer to your question is no, there is no way to break MD5 purely by knowing a cleartext and a ciphertext. There's no key, so you can't reverse engineer it like a simple XOR cipher.
However, **as MD5 is a very quick, processor-light algorithm, it has been (and is still) possible to simply bruteforce a vast array of cleartext strings, then compare your target ciphertext to the resulting **rainbow table.
This site can help you do this: MD5 Decryptor
I will mention, however, that it's generally rare that there is a use for this outside of computer misuse, which I will strongly caution you against.
I hope this was helpful.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm looking at the various bcrypt implementations across several languages and noticing the character limitation across most - specifically, the 72 character maximum that node-bcrypt, php's bcrypt, and py-bcrypt all exhibit.
What are the advantages and disadvantages if an application were to run user input through, say, a SHA-256 or SHA-512 checksum beforehand to enable longer inputs for bcrypt?
The CLI application found here is limited to 8-56 "characters" inclusive (it's C, so a character can be anything I suppose). Heaven knows why you would create limits for something that you feed into a password based key derivation function afterwards (which almost certainly will take unlimited input).
An additional secure hash with sufficient strength and output size will not do anything to degrade security.
Encode the result to hexadecimals before feeding it to a bcrypt library, which is almost certainly expecting a String (don't get struck by the "odd" 00h byte). You might as well use SHA-256, I don't think a few bits more or less will make a difference if you feed it into bcrypt afterwards. Otherwise you may be forced to use base64.
Finally, try not to get into this situation, performing non-standard cryptography is almost certainly a bad thing.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm new with zigbee i need you to help me learn about it and know how to implement an embedded system using it
thanks in advance
One good place to look is on the Digi site. They have several products to help you, including embedded development kits.
If you want to go Open Source, look at Source Forge. They have some open source stacks. I have not used any of them, so I cannot comment beyond knowing that they exist.
Depending on your needs, you might want to just look at XBee, which is a subset of zigbee. There are some nice development tools for XBee. I have used an XBee expansion shield with the .net micro framework and boards provided by TinyCLR to do a wireless prototype.
Creating a zigbee stack on your own would be a fairly large task, so only you can determine if there is ROI in doing so. I would be more inclined to buy it in.
Get a ZigBee Starter Kit. Lots of vendors provide one; gust Google that exact phrase.
For example: AVR 8-Bit RISC - IEEE 802.15.4/ZigBee - Tools
Or you can ZigBee on a PIC/Microchip at very low cost. http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=2112
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
How do you connect these to your computer? Which one would be easier to burn?
The information you seek can be found by comparing the data sheets: AT89C51, AT89S51, however you will see in this first link that it states:
Not recommended for new designs. Use AT89S51.
So that probably makes your last question irrelevant, you should use the AT89S51 regardless.
With regard to your second question (which I interpret as "connecting to a development host"), I suggest that you use an off-the-shelf development board unless you have the means and skill to produce your own. In-system programming can be achieved through the UART (there's an app. note in the link above), so you'll need a PC with an RS-232 serial interface and a NULL-Modem cable (the latter may come with the board). If you do not have a serial port on your PC, get a USB serial port adapter.
Obviously you need the development tools; at leas a compiler, and for debugging you'd benefit from an emulator; again the link above has references to tools.
Overall; read the manufacturer's documentation is the answer to all your questions! ;-)