ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

When to change keys for MiFare Classic Cards?

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

When to change keys for MiFare Classic Cards?

ソリューションへジャンプ
‎09-19-2022 01:43 PM
2,656件の閲覧回数
user_leo
Contributor II

I have an empty Mifare Classic card and want to encrypt memory in just one sector by changing the key for that sector. 

However since this is an empty card all sectors have the default key FF FF FF FF FF FF. 

Should I change the key for all the other sectors as well even though they are unused and empty? 

ラベル(1)
ラベル
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎09-21-2022 01:00 AM
2,636件の閲覧回数
Florian_Mikulik
NXP Employee
NXP Employee

Hello!

Yes, it is advised to change ALL keys on MIFARE Classic cards away from the default values (even the key for Sector0)

Please refer to the document "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" which describes possible attacks and countermeasures on MIFARE Classic. 

Please be also aware that for storing sensitive data, its not advised to use MIFARE Classic, but rather a more secure MIFARE card like DESFire Light.

Best regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria

元の投稿で解決策を見る

返信
3 返答(返信)

ソリューションへジャンプ
‎09-21-2022 01:00 AM
2,637件の閲覧回数
Florian_Mikulik
NXP Employee
NXP Employee

Hello!

Yes, it is advised to change ALL keys on MIFARE Classic cards away from the default values (even the key for Sector0)

Please refer to the document "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" which describes possible attacks and countermeasures on MIFARE Classic. 

Please be also aware that for storing sensitive data, its not advised to use MIFARE Classic, but rather a more secure MIFARE card like DESFire Light.

Best regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria
返信

ソリューションへジャンプ
‎08-01-2024 01:54 PM
874件の閲覧回数
Fernando_Magro
Contributor I

Hi @Florian_Mikulik ,

First of all thanks for your message.

I was able to find the referred "AN11302 - End to end system security risk considerations for implementing MIFARE Classic" in the NXP website, but i'm unable to download it - a username/password is required.

Please, can you try the link below:

https://www.nxp.com/restricted_documents/53420/AN11302.pdf

Can you share this document or point out how to get the credentials?

Thank you.

タグ(2)
0 件の賞賛
返信

ソリューションへジャンプ
‎08-02-2024 01:51 AM
856件の閲覧回数
Florian_Mikulik
NXP Employee
NXP Employee
Hi Fernando,
Indeed, this document is only available under NDA. I would recommend to get a full NDA in place with nxp (if not yet done: https://www.nxp.com/support/support:SUPPORTHOME) and then also enable secure files access (same link as above) for your nxp.com account. Once done, i can push you this and other documents that might be required. The option for retrieveing those passwords can not be used anymore for security reasons, and anyhow will be removed soon, so the only way is to obtain it via the secure files process under NDA. Thanks for understanding.

Br,
Florian
Customer Application Support Engineer - Gratkorn - Austria
0 件の賞賛
返信