Security Now 372
Topic: the security implications of using NFC
Security Now 372: Near Field Communications (NFC)
News & Errata
- NIST has chosen KECCAK as the algorithm for generating SHA-3 hashes. It is simple, so it is transparent and easily cryptanalyzed.
- The PCI bus is a parallel bus; it is not serial. However, PCI Express (PCIe) is serial.
- Both hosts thought the Google (or Asus) Nexus 7 lacks NFC, but it does include NFC. (see references later)
One user (Talk_hard) Tweeted they were able to salvage a 1.5 terabyte drive with SpinRite.
Near field communications (NFC) devices
NFC uses a 13.56 MHz carrier. Bluetooth is around 2400 MHz, or 2.4 GHz. WiFi is also around 2.4 GHz as well as 5 GHz.
The NFC signalling protocol is self-clocking with a bitrate of 1/128th of the carrier frequency.
The design goal of NFC was to replace the expensive-to-implement physical electrical contact systems on such things as embedded chip credit cards.
There's nothing fundamentally secure or insecure about NFC. (It's issues surrounding what's done with the technology which can be problematic.)
When faced with a choice between security and convenience, initially the industry chooses convenience, and it's only after it gets burned a few times [that] it backs off...
Gravestones are now including QR codes.
- KECCAK is chosen as the SHA-3 Cryptographic Hash Algorithm Competition winner
- 16GB Nexus 7 page on Google Play, with specifications indicating inclusion of NFC, or "Android Beam"
User Contributed Notes
Metric is a lot easier to deal with if one does not spend the time and mental energy of thinking about it in terms of another system. The 2 to 3 centimeter range stated for nominal NFC range is just 2 to 3 cm; it doesn't need to be anything else. Just learn how big that is, and forget worrying about how many inches that is...just like you did when you were learning how long an inch is, by successive approximations and feedback/corrections.