They Talk About “Encryption.” They Must Be Smart!
from our Geeks Who Love To Poke Fun At Marketing People department
Schlage sent out this mailing recently. Can you guess why Locksmith Mike was so
Problem #1 (simple math)
26 bit standard card format: pnnnnnnnnxxxxxxxxxxxxxxxxp
65,536 possible card IDs
16,777,216 possible unique IDs if you include the
facility code, but that’s weak…
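The arithmetic above can be checked against the bit layout itself. This is an added example, not part of the original post or of any vendor's code: it encodes and decodes the 26-bit layout shown (8 facility-code bits, 16 card-ID bits) and shows that the two parity bits are derived from the data, so they add nothing to the ID space. The parity coverage (even parity over the first 12 data bits, odd parity over the last 12) is the common convention for this format and is an assumption here, as are the function names and sample values.

```python
# Layout from the post: p nnnnnnnn xxxxxxxxxxxxxxxx p
FACILITY_BITS = 8   # the n bits
CARD_BITS = 16      # the x bits


def keyspace():
    """Return (card IDs per facility code, facility+card combinations)."""
    return 2 ** CARD_BITS, 2 ** (FACILITY_BITS + CARD_BITS)


def encode(facility, card):
    """Build the 26-character bit string for a facility code and card ID."""
    if not (0 <= facility < 2 ** FACILITY_BITS and 0 <= card < 2 ** CARD_BITS):
        raise ValueError("facility or card number out of range")
    data = format(facility, "08b") + format(card, "016b")
    # Assumed convention: leading bit is even parity over the first 12 data bits.
    lead = str(data[:12].count("1") % 2)
    # Assumed convention: trailing bit is odd parity over the last 12 data bits.
    trail = str((data[12:].count("1") + 1) % 2)
    return lead + data + trail


def decode(bits):
    """Parse a 26-bit string; return (facility, card) or raise ValueError."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 characters of 0/1")
    data = bits[1:25]
    if (bits[0] + data[:12]).count("1") % 2 != 0:
        raise ValueError("leading (even) parity check failed")
    if (data[12:] + bits[25]).count("1") % 2 != 1:
        raise ValueError("trailing (odd) parity check failed")
    return int(data[:8], 2), int(data[8:], 2)


if __name__ == "__main__":
    sample = encode(123, 45678)  # constructed sample values
    print(sample, decode(sample))
    print(keyspace())            # parity bits contribute nothing to either count
```

Parity only catches read errors; every one of the 16,777,216 facility and card combinations has exactly one valid 26-bit encoding, and nothing in the frame is secret.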
Problem #2 (the really annoying one)
Proximity isn’t encrypted. It’s just transmitting a unique ID. It is subject to man-in-the-middle attacks, playbacks, etc…
So does this mean that if I sniff their communications, I
can remotely send their unlock command by doing a playback? That would suck…
Do I want to trust a company that doesn’t understand a
simple prox card or a partial reason why the industry is moving towards smart
cards? Do I want to be the bozo who buys
a product like this thinking it’s accurate?