The Dutch judge who has overturned the injunction stopping Radboud University from revealing how they cracked the Mifare Classic chip said:
Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.
Bruce Schneier said:
As bad as the damage is from publishing - and there probably will be some - the damage is much, much worse by not disclosing.
and then rightly pointed out that assuming that no criminals were exploiting this problem was a foolish position to take.
This is of course an analogue of the classic security position that encryption algorithms shouldn't be kept secret: they should be open for everyone to examine for flaws, and only the key should be secret.