RFID 2 Step Verification
So I've never really been interested in RFID implants. Nothing against them, I just didn't see the point in a couple kb of storage. I look forward to the day when the storage capabilities reach gb, because on that day I will cloud host a file-sharing website on my back and evade capture as the one man Pirate Bay. However, I thought up an interesting concept that I think could be cool and (semi) easily implemented. Anybody who uses Google Docs or an online health provider's website probably knows what 2-step verification is. Basically, when you try to log in to an account, you not only have to provide your password, but you have to prove your identity in a secondary way as well to gain access. Google Docs and most health providers use SMS verification, but Facebook has an interesting twist by making you identify pictures of your friends. If you're government or military affiliated, you may have seen at some point a DOD access card. Basically, it's a little sim card connected to an ID or lanyard that has a secondary password in it. You have to plug it into a little dongle that goes into a USB port and then type your password. Anyway, 2-step verification is cool and makes accounts pretty dang secure.
So what I was thinking of making is an RFID chip with a secondary password on it, implanted in the webbing of someone's fingers that works as secondary verification for logging into an RFID-capable device. This is by no means a unique concept, but I think it's interesting that it would always be on hand (PUNS) for you and nobody else.
How I was thinking of going about this is to create a program that reads the RFID input and puts it through a hash (permanent encryption) function, using the actual password as a salt. In this way, the password in itself is useless without the RFID input and vice versa.
Any thoughts?
So what I was thinking of making is an RFID chip with a secondary password on it, implanted in the webbing of someone's fingers that works as secondary verification for logging into an RFID-capable device. This is by no means a unique concept, but I think it's interesting that it would always be on hand (PUNS) for you and nobody else.
How I was thinking of going about this is to create a program that reads the RFID input and puts it through a hash (permanent encryption) function, using the actual password as a salt. In this way, the password in itself is useless without the RFID input and vice versa.
Any thoughts?
Comments
There must be something to their encryption or this lawsuit likely wouldn't have been filed.
The other thing is the obvious one (and my apologies for the slight derailment of the thread)... What new chips do you have? :) And more importantly, what are the chances of being able to clone Mastercard Paypass data? I'd LOVE to be able to clone my debit card to an implant.
* EDIT * - Found this blurb on a Wikipedia page about Avid encryption:
"Although no authentication encryption is involved, obfuscation requires
secret information to convert transmitted chip data to its original
label ID code."
So it's actually just obfuscation.
I'm putting together a video of the new chips, once that's done I'll create a thread about them. They do allow cloning of simple rfid protocols, such as HID and EM4xxx, but cloning credit cards is virtually impossible. Besides, if I could copy credit cards, why would I tell anyone else? :p
One last thing regarding credit card cloning. Quoting @Amal's RFID FAQ,
"The temporary and transient nature of these systems precludes me from
ever wanting to implant one of their chips into my body. There may be
another solution to this problem however, so keep an eye on our Facebook
page."
Care to comment, @Amal?
And again, sorry for the thread derailment. We now return to regularly scheduled programming.