Mifare Crypto1 Flaws - Mifare Classic 1k and 4k cards

Ok the Mifare Classic cards are pretty old (10 yearsish) but they are still in wide circulation and used in many countries around the world. Rumours that the Chinese had already reverse engineered and were producing blank cards were probably true as if these few some clever students can take quite literately taken the chip apart, I am sure other people can aswell.

The 10th March 2008 paper about the flaws in Mifare's crypto1 encryption

http://www.cs.virginia.edu/~kn5f/Mifare.Cryptanalysis.htm

The January 2008 video below is from ccc.de explaining how some students reverse engineered the chip

<a href="http://video.google.com/googleplayer.swf?docId=4252367680974396650" target="_blank">http://video.google.com/googleplayer.swf?docId=4252367680974396650</a>

On the back of the paper being released Bruce Schneier along with many other news sources are reporting free London travel via hacked Oyster Cards and similar stories in other countries.

http://www.schneier.com/blog/archives/2008/03/london_tube_sma.html

Attacks in action

<a href="http://www.youtube.com/v/NW3RGbQTLhE&rel=1" target="_blank">http://www.youtube.com/v/NW3RGbQTLhE&rel=1</a>

Breaking into Mifare-protected key vault

<a href="http://www.youtube.com/v/Srzf2MSCO6Y&rel=1" target="_blank">http://www.youtube.com/v/Srzf2MSCO6Y&rel=1</a>

Further reading
A separate group has found another flaw in the protocol and reduced the time taken to break the encrytpion
http://www.ru.nl/ds/research/rfid/

ComputerWorld.com article on How they broke it

RFID-Hack Hits 1 Billion Digital Access Cards Worldwide

Note that there are already Mifare 3DES cards available called DESFire and that also announced on the 10th of March that in Q4 2008 there will be 128bit AES cards available. The problem I see is by the time 128bit keys get into mass market who knows if flaws in AES won't have been found and broken?