Post AdLcrHNtNF3e8DAVlY by mwfc@chaos.social
 (DIR) Post #AdLcqtfRYKpwZhCBn6 by jwildeboer@social.wildeboer.net
       2023-12-29T18:32:59Z
       
       0 likes, 0 repeats
       
       #NFC geeks/nerds: where can I buy NFC cards with a #ST25TA64K chip? It seems that is the chip with the biggest storage available? Or do you know of other standard type 4 tags with 8kB or more?
       
 (DIR) Post #AdLcquNOutzym1lIJ6 by jwildeboer@social.wildeboer.net
       2023-12-30T00:20:25Z
       
       0 likes, 0 repeats
       
       Ah, the DESFire EV2 by NXP goes to 32KB. But interestingly the EV3 goes back to 16 KB max.
       
 (DIR) Post #AdLcqvFzdvfRVLItOq by mwfc@chaos.social
       2023-12-30T00:23:22Z
       
       0 likes, 0 repeats
       
       @jwildeboer You could go Javacard and have more as well.
       
 (DIR) Post #AdLcqwY6q3kjVomsHA by mwfc@chaos.social
       2023-12-30T00:24:17Z
       
       0 likes, 0 repeats
       
       @jwildeboer Probably even Zeitcontrol from Minden, which are used for openpgpcard
       
 (DIR) Post #AdLcqy578pkQGTEkMK by jwildeboer@social.wildeboer.net
       2023-12-30T07:56:09Z
       
       0 likes, 0 repeats
       
       @mwfc That is also "just" normal use of a smart card, following (parts of) ISO 7816, just like ICAO9303. Can be combined on the same card, actually. Some features of an OpenPGP card might not work with contactless AFAICS, though. For example https://www.floss-shop.de/de/security-privacy/smartcards/4/openpgp-smart-card-v3.4-mifare-desfire combines smart card with DESFire but explicitly says "The OpenPGP function cannot be used via NFC/RFID."
       
 (DIR) Post #AdLcqzPiBjomOdsi6S by mwfc@chaos.social
       2023-12-30T08:17:52Z
       
       0 likes, 0 repeats
       
       @jwildeboer Yes. They have a diff OS. The main problem is that there is much NDA Land on the card side. The chips have quite capable chips but are limited due to their OS. Javacard and Basic card are the proprietary OSes which you can program. And the Oracle takeover made Javacard IMHO not better.
       
 (DIR) Post #AdLcr1GvHNya9xmigK by jwildeboer@social.wildeboer.net
       2023-12-30T08:37:59Z
       
       0 likes, 0 repeats
       
       @mwfc Which is why I try to reimplement ICAO9303 using only very basic and well-known (AKA open enough) functions of ISO 7816 (smart card) combined with ISO 14443 (contactless), starting with a very simple NDEF only approach. Basically using it just as storage device. And extend from there.
       
 (DIR) Post #AdLcr2htwZ9ObvPmN6 by jwildeboer@social.wildeboer.net
       2023-12-30T08:54:46Z
       
       0 likes, 0 repeats
       
       @mwfc And that is why I am looking for contactless cards with more than 8 KB of (NDEF) storage :)
       
 (DIR) Post #AdLcr3gWJBdjdvmBrE by mwfc@chaos.social
       2023-12-30T09:06:49Z
       
       0 likes, 0 repeats
       
       @jwildeboer Yes I do understand your approach. My take is not to use elaborate JavaCard functions, but to use the large storage of Javacards and expose it via NDEF if possible. They play in the 72 KByte range easily. Zeitcontrol Basiccard is the same. Back when I used them I had different takes on it and wanted different things, but imho using it as prototype and just treating them as dumb NFC NDEFs is a diff approach and legit to wait for bigger available storage. Drives up price tho.
       
 (DIR) Post #AdLcr4Y36ASSJwowIC by jwildeboer@social.wildeboer.net
       2023-12-30T09:10:26Z
       
       0 likes, 0 repeats
       
       @mwfc The chips used in ePassports are not readily available to buy. So I have to look for the next best approach. ICAO9303 defines that ePassport chips should offer at least 32 KB of storage to be compliant, hence I am looking for "dumb" NFC cards I can buy right now that offer at least 32 KB, which seemingly reduces my options to the NXP DESFire EV2 series.
       
 (DIR) Post #AdLcr5Lg7e9mns2ZeK by jwildeboer@social.wildeboer.net
       2023-12-30T09:13:59Z
       
       0 likes, 0 repeats
       
       @mwfc Note that for ePassport Contactless is a MUST. So smart cards that need a chip reader are out. Which, AFAICS, means the whole openpgp ecosystem is out of the picture.
       
 (DIR) Post #AdLcr6HodUf3iBF0Ge by kkarhan@mstdn.social
       2023-12-30T12:43:29Z
       
       0 likes, 0 repeats
       
       @jwildeboer @mwfc which is intentional by the designers of said standards, because they want hierarchical systems and not self-custody of keys or a web of trust to exist...
       
 (DIR) Post #AdLcr7CXEc20Y5mIfw by jwildeboer@social.wildeboer.net
       2023-12-30T13:28:50Z
       
       0 likes, 0 repeats
       
       @kkarhan @mwfc The weird thing is that the PKI behind ePassports isn't exactly hierarchical, but more P2P, with CAs per country and lots of cross-signing based on binational agreements.
       
 (DIR) Post #AdLcr83M4EHZBuUU0O by mwfc@chaos.social
       2023-12-30T13:40:38Z
       
       0 likes, 0 repeats
       
       @jwildeboer The real issue is NDA Land as soon as Security is involved. Industry "learned" from the 90s TV Smartcard issues and got away with it due to market entry barriers everywhere. @kkarhan
       
 (DIR) Post #AdLcr8orDcHPZEiQ2y by kkarhan@mstdn.social
       2023-12-30T15:36:05Z
       
       0 likes, 0 repeats
       
       @mwfc @jwildeboer Yeah, they learned nothing... Otherwise Carding and Cardsharing would've died out a long time ago...
       
 (DIR) Post #AdLcr9cqDmGK4G6KxM by mwfc@chaos.social
       2023-12-30T15:39:01Z
       
       0 likes, 0 repeats
       
       @kkarhan I disagree. It is next to impossible to make decent products w/o NDA. And all the relevant docs have not leaked in a meaningful way. As example the Javacard Smartcards are really powerful. Same for everything sc300 sc100. Docs are not really out there. I know people with access, but all bound to NDA and hefty threats of penalties. So yes it works. @jwildeboer
       
 (DIR) Post #AdLcrASF8fNYdg9O4m by jwildeboer@social.wildeboer.net
       2023-12-30T15:45:03Z
       
       0 likes, 0 repeats
       
       @mwfc @kkarhan I still find it weird that it is really hard to buy simple NFC type 4 cards with 32 kB of NDEF storage. I can buy thousands of tags/cards with 500-1000 bytes of storage (NTAG216) for a few cents each, but 16 or 32 kB are rather unique unicorns (DESFire EV2 32 kB at around 8€ seems to be the only one)
       
 (DIR) Post #AdLcrBBcPxfuuPNcno by rena2019@social.tchncs.de
       2023-12-30T20:47:16Z
       
       0 likes, 0 repeats
       
       @jwildeboer @mwfc @kkarhan What do you want to do with such a large NDEF memory?
       
 (DIR) Post #AdLcrC7kvoBBoia3Q8 by jwildeboer@social.wildeboer.net
       2023-12-30T20:51:08Z
       
       0 likes, 0 repeats
       
       @rena2019 @mwfc @kkarhan As explained at the beginning of the thread: to try to implement a kind of ePassport chip as defined in ICAO9303, but using open standards, open source, open hardware. The biometric picture according to ICAO requirements is typically already between 12-18 kB.
       
 (DIR) Post #AdLcrD61JkNwpcmBM0 by kkarhan@mstdn.social
       2023-12-30T20:59:53Z
       
       0 likes, 0 repeats
       
       @jwildeboer @rena2019 @mwfc And that doesn't even account for a decently sized #OpenPGP #Pubkey to go along with it and a #signature for all said data!
       
 (DIR) Post #AdLcrE5hcPj1uvdRUu by jwildeboer@social.wildeboer.net
       2023-12-30T21:10:12Z
       
       0 likes, 0 repeats
       
       @kkarhan @rena2019 @mwfc and a bunch of HOTP/TOTP while we’re at it ;)
       
 (DIR) Post #AdLcrEu2bFzWR3BdxY by kkarhan@mstdn.social
       2023-12-30T21:16:31Z
       
       0 likes, 0 repeats
       
       @jwildeboer @rena2019 @mwfc Or at least have the option for the end user...
       
 (DIR) Post #AdLcrFepnHQCmB50tc by jwildeboer@social.wildeboer.net
       2023-12-30T21:19:54Z
       
       0 likes, 0 repeats
       
       @kkarhan @rena2019 @mwfc The ICAO9303 app/filesystem definition allows for quite some variations …
       
 (DIR) Post #AdLcrGVectflPznCE4 by kkarhan@mstdn.social
       2023-12-30T21:21:46Z
       
       0 likes, 0 repeats
       
       @jwildeboer @rena2019 @mwfc Which sounds good and I think adding value and functions beyond #ICAO9303's bare minimum makes sense, as any #reference implementation should in theory offer everything as per spec at once to showcase the capabilities...
       
 (DIR) Post #AdLcrHNtNF3e8DAVlY by mwfc@chaos.social
       2023-12-30T21:32:37Z
       
       0 likes, 0 repeats
       
       @kkarhan I think we need to beware of feature creep. There is a lot of nice to haves, but the real issue is that even bare minimum is problematic. Once you leave COTS and ideally you do not want to solder your own cards (eg combining st25dvs with additional eeprom). So finding fitting cards would be a major first step, ideally cheap. Like I mentioned Javacards might be an option, but that I need to verify first. So if you have any NDEF cards that have >8kByte tell us @jwildeboer @rena2019
       
 (DIR) Post #AdLcrIA6TzceXjj0ue by jwildeboer@social.wildeboer.net
       2023-12-30T21:36:16Z
       
       1 likes, 0 repeats
       
       @mwfc @kkarhan @rena2019 ICAO9303 requires 32 kB as minimum, but more is also allowed ;) AFAICS when you limit yourself to readily available cards with standard NDEF, that can be read and written by most NFC enabled smartphones, you land at NFC Forum Type 4, which defines max 32 kB, although it seems that some cards/chips go to 64 kB. But those are not guaranteed to work everywhere.