Search

tay00000

There is already such a topic which you can find by simply use the search features on the top right hand corner if you actually tried to do a search. The search is pretty user friendly and extensive.

Link: http://javacardos.com/javacardforum/viewtopic.php?f=31&t=738

tay00000

Maybe a little explanation on what I am being asked to review and where is the source code ? I am abit lost reading the thread. Also, note that the Browser/PC to U2F card/device does not use any sort of Secure Channel Protocol of any sort. They are done over plain APDU channels which I have tried to...

tay00000

Do note that the paper stresses on the importance of nonce and IV being random when needed instead of hard-coded IVs and nonces that are always re-used and never permutated.

tay00000

@JavaCardOS, please look into implementing SCP03 into JC30M48CR whenever possible as SCP02 has been found to be weak while SCP03 has been proven to be robust.

tay00000

Cryptographers have posted a paper on their recent attempts to attack the GlobalPlatform Secure Channel Protocol suite. The research paper concludes that SCP02 is getting weak and SCP03 protocol is pretty strong and resist attempts to attack the protocol and provides resilience against attempts for ...

tay00000

It is nice to see a loyalty card applet being open sourced as most loyalty card applets are usually designed behind close doors and it require much more effort to reverse engineer and then crack the protocol for security auditing purposes. As per usual, I will give my commentaries on the security as...

tay00000

The security of the KeepassNFC applet is insufficient for NFC application and I would probably recommend that only standard ISO7816 contact channel be used and even if contact channels are used, it is still vastly insufficient in terms of security. The reasons: * Lack of PIN access * Sloppy use of R...

tay00000

It depends but RSA 2048 and above and ECDSA 256 and above are generally used as baseline.

tay00000

Signature algorithms (RSA, ECDSA, DSA) is one thing and Signature Methods (PKCS1 1.5/ OAEP) is another thing. To put it very simplistically, the algorithm is a set of mathematical formula on how you should create a signature (maths and numbers). A method on the other hand is that every algorithm may...

tay00000

Here's my method of designing a Secure Channel Protocol customized for your own application. THE A02 SCP PROTOCOL ==================== Assumptions: - APDU buffer at least 256 bytes - RSA-2048-PKCS1-1_5 Cipher is available - AES-256 in ECB and CBC mode is available Tested & Proven Hardware: - Fei...

Search found 161 matches

Re: ECC Encryption and Decryption

Re: CCID Device Chrome Extension v1.0

Re: Cryptographic research results on GP SCP Protocols

Re: JC30M48CR

Cryptographic research results on GP SCP Protocols

Re: Smart Card LoyaltyCard Applet

Re: Keepass NFC Applet

Re: Basic question on digital signature

Re: Basic question on digital signature

Re: Session key

Board Disclaimer