When to change keys for MiFare Classic Cards?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

When to change keys for MiFare Classic Cards?

Jump to solution
2,359 Views
user_leo
Contributor II

I have an empty Mifare Classic card and want to encrypt memory in just one sector by changing the key for that sector. 

However since this is an empty card all sectors have the default key FF FF FF FF FF FF. 

Should I change the key for all the other sectors as well even though they are unused and empty? 

Labels (1)
0 Kudos
Reply
1 Solution
2,339 Views
Florian_Mikulik
NXP Employee
NXP Employee

Hello!

Yes, it is advised to change ALL keys on MIFARE Classic cards away from the default values (even the key for Sector0)

Please refer to the document "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" which describes possible attacks and countermeasures on MIFARE Classic. 

Please be also aware that for storing sensitive data, its not advised to use MIFARE Classic, but rather a more secure MIFARE card like DESFire Light.

Best regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria

View solution in original post

3 Replies
2,340 Views
Florian_Mikulik
NXP Employee
NXP Employee

Hello!

Yes, it is advised to change ALL keys on MIFARE Classic cards away from the default values (even the key for Sector0)

Please refer to the document "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" which describes possible attacks and countermeasures on MIFARE Classic. 

Please be also aware that for storing sensitive data, its not advised to use MIFARE Classic, but rather a more secure MIFARE card like DESFire Light.

Best regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria
577 Views
Fernando_Magro
Contributor I

Hi @Florian_Mikulik ,

First of all thanks for your message.

I was able to find the referred "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" in the NXP website, but i'm unable to download it - a username/password is required.

Please, can you try the link below:

https://www.nxp.com/restricted_documents/53420/AN11302.pdf

Can you share this document or point out how to get the credentials?

Thank you.

Tags (2)
0 Kudos
Reply
559 Views
Florian_Mikulik
NXP Employee
NXP Employee
Hi Fernando,
Indeed, this document is only available under NDA. I would recommend to get a full NDA in place with nxp (if not yet done: https://www.nxp.com/support/support:SUPPORTHOME) and then also enable secure files access (same link as above) for your nxp.com account. Once done, i can push you this and other documents that might be required. The option for retrieveing those passwords can not be used anymore for security reasons, and anyhow will be removed soon, so the only way is to obtain it via the secure files process under NDA. Thanks for understanding.

Br,
Florian
Customer Application Support Engineer - Gratkorn - Austria
0 Kudos
Reply