London Banter - View Single Post

John Hadstate · November 18th 03, 03:42 PM posted to uk.transport.london,alt.2600,sci.crypt

(Matthew) wrote in message . com...
I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

Smartcards are amongst the most secure ways to store information and
users of Oyster can be confident of the security of the data on their
card.

Says who?

Access to the information is only possible using secret keys
specific to that card, known only to devices permitted to process the
cards. These cards are very difficult to break into, making the cards
very secure; in the unlikely event that a card has its key broken
then the system - and all other cards - will remain secure.

All of the above adds up to a classic case of "security by obscurity."
This might mean that the inventors have already identified or suspect
weaknesses in their system that they hope will remain undiscovered if
no one is permitted to analyze their system too closely.