Crypto-1

**Crypto-1**
概述
设计者	Philips/NXP
首次发布	October 6, 2008
密码细节
密钥长度	48 bits
安全声明	48 bits
结构	非线性反馈移位寄存器、线性反馈移位寄存器
最佳公开破解
	Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card"

Crypto-1是由恩智浦半导体為其於1994年推出的MIFARE Classic RFID 免觸碰智能卡所創建的專有加密演算法（流密码）和認證協議。這些卡片已被用於許多著名的系統，包括蠔卡、查理卡和OV晶片卡。

到了2009年，密碼學研究已經逆向工程了這種密碼，並公布了有效破解安全性的各種攻擊[1][2][3][4][5]。

恩智浦在其後推出了修正的版本MIFARE Classic EV1（仍與MIFARE Classic系統相容），然而在2015年時發現新的攻擊[6][7]，因此恩智浦在之後建議停用MIFARE Classic[8]。

技術細節

Crypto-1是一個流密码，結構與後繼的Hitag2類似，包含了：

48-bit的线性反馈移位寄存器（LSFR）用以儲存狀態，
兩層的20對1非線性函數用於生成密鑰流，
16位的LFSR，它在驗證階段被用作偽隨機數生成器。

參考資料

de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. （原始内容 (PDF)存档于2022-04-22）.
Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. . Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. （原始内容存档于2012-09-13）.
Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. . SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. （原始内容存档于2019-03-23）.
Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. （原始内容 (PDF)存档于2017-08-08）.
Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. （原始内容 (PDF)存档于2022-01-02）.
Meijer, Carlo; Verdult, Roel. . Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 .
Meijer; Verdult. (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. （原始内容存档 (PDF)于2021-04-29）.
Grüll, Johannes. . www.mifare.net. October 12, 2015 [2021-04-29]. （原始内容存档于2023-09-06）.

外部連結

Radboud Universiteit Nijmegen press release PDF （页面存档备份，存于）（英文）
Details of Mifare reverse engineering by Henryk Plötz PDF （德文）
Windows GUI Crypto1 tool, optimized for use with the Proxmark3

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. （原始内容 (PDF)存档于2022-04-22）.

[2] Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. . Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. （原始内容存档于2012-09-13）.

[3] Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. . SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. （原始内容存档于2019-03-23）.

[4] Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. （原始内容 (PDF)存档于2017-08-08）.

[5] Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. （原始内容 (PDF)存档于2022-01-02）.

[6] Meijer, Carlo; Verdult, Roel. . Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 .

[7] Meijer; Verdult. (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. （原始内容存档 (PDF)于2021-04-29）.

[8] Grüll, Johannes. . www.mifare.net. October 12, 2015 [2021-04-29]. （原始内容存档于2023-09-06）.