There is already such a topic which you can find by simply use the search features on the top right hand corner if you actually tried to do a search. The search is pretty user friendly and extensive.
Link: http://javacardos.com/javacardforum/viewtopic.php?f=31&t=738
Search found 161 matches
- Tue Jan 24, 2017 7:45 am
- Forum: Algorithm School
- Topic: ECC Encryption and Decryption
- Replies: 5
- Views: 11040
- Tue Jan 24, 2017 6:37 am
- Forum: Other Tools
- Topic: CCID Device Chrome Extension v1.0
- Replies: 10
- Views: 68372
Re: CCID Device Chrome Extension v1.0
Maybe a little explanation on what I am being asked to review and where is the source code ? I am abit lost reading the thread. Also, note that the Browser/PC to U2F card/device does not use any sort of Secure Channel Protocol of any sort. They are done over plain APDU channels which I have tried to...
- Tue Jan 17, 2017 11:58 pm
- Forum: Algorithm School
- Topic: Cryptographic research results on GP SCP Protocols
- Replies: 2
- Views: 7211
Re: Cryptographic research results on GP SCP Protocols
Do note that the paper stresses on the importance of nonce and IV being random when needed instead of hard-coded IVs and nonces that are always re-used and never permutated.
- Tue Jan 17, 2017 11:22 pm
- Forum: Card Products
- Topic: JC30M48CR
- Replies: 12
- Views: 25255
Re: JC30M48CR
@JavaCardOS, please look into implementing SCP03 into JC30M48CR whenever possible as SCP02 has been found to be weak while SCP03 has been proven to be robust.
- Tue Jan 17, 2017 11:13 pm
- Forum: Algorithm School
- Topic: Cryptographic research results on GP SCP Protocols
- Replies: 2
- Views: 7211
Cryptographic research results on GP SCP Protocols
Cryptographers have posted a paper on their recent attempts to attack the GlobalPlatform Secure Channel Protocol suite. The research paper concludes that SCP02 is getting weak and SCP03 protocol is pretty strong and resist attempts to attack the protocol and provides resilience against attempts for ...
- Mon Jan 16, 2017 7:19 am
- Forum: Open Source Applets
- Topic: Smart Card LoyaltyCard Applet
- Replies: 7
- Views: 58413
Re: Smart Card LoyaltyCard Applet
It is nice to see a loyalty card applet being open sourced as most loyalty card applets are usually designed behind close doors and it require much more effort to reverse engineer and then crack the protocol for security auditing purposes. As per usual, I will give my commentaries on the security as...
- Fri Dec 23, 2016 7:45 am
- Forum: Open Source Applets
- Topic: Keepass NFC Applet
- Replies: 3
- Views: 43567
Re: Keepass NFC Applet
The security of the KeepassNFC applet is insufficient for NFC application and I would probably recommend that only standard ISO7816 contact channel be used and even if contact channels are used, it is still vastly insufficient in terms of security. The reasons: * Lack of PIN access * Sloppy use of R...
- Thu Dec 22, 2016 4:41 am
- Forum: Algorithm School
- Topic: Basic question on digital signature
- Replies: 4
- Views: 9750
Re: Basic question on digital signature
It depends but RSA 2048 and above and ECDSA 256 and above are generally used as baseline.
- Thu Dec 22, 2016 1:53 am
- Forum: Algorithm School
- Topic: Basic question on digital signature
- Replies: 4
- Views: 9750
Re: Basic question on digital signature
Signature algorithms (RSA, ECDSA, DSA) is one thing and Signature Methods (PKCS1 1.5/ OAEP) is another thing. To put it very simplistically, the algorithm is a set of mathematical formula on how you should create a signature (maths and numbers). A method on the other hand is that every algorithm may...
- Tue Dec 20, 2016 3:09 am
- Forum: Algorithm School
- Topic: Session key
- Replies: 9
- Views: 16387
Re: Session key
Here's my method of designing a Secure Channel Protocol customized for your own application. THE A02 SCP PROTOCOL ==================== Assumptions: - APDU buffer at least 256 bytes - RSA-2048-PKCS1-1_5 Cipher is available - AES-256 in ECB and CBC mode is available Tested & Proven Hardware: - Fei...