• r00ty@kbin.life
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    Reading the article it seems they made two mistakes. The first was to make the card authoritive instead of having a account data to ensure the information matched. The second was to use a proprietary checksum algorithm instead of using an open secure signature method.

    I’d put money on the information they’re holding back being details on the checksum algorithm.

      • r00ty@kbin.life
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        It wouldn’t need an account. The card can have all the data (in case it is used in an offline situation) but also have a unique serial number.

        So when an official ticket machine charges the card, it also logs the balance/tickets on the card with that ID in a central database too. Yes, it needs to be “online” within their own network. But, I’d be concerned if a large city transit didn’t have their own network already.

        Whenever it is used, provided the ticket reader has a connection it would be verified against the stored record. If the connection is offline then it uses the local stored information.

        I do wonder in a transit system like this what the advantage to an offline system is. If someone works out your “CRC32 except I xored the result with 1337” algorithm, then you’re boned and a lot of kit is “offline” and thus cannot easily be upgraded too.