FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How strong is nfc password with 8 bytes? How much time needed to bruteforce it?

Go to solution
abhijeet_7
Associate

‎2023-12-22 11:37 AM

Hi Team,

How strong is 8 bytes NFC password given the fact that there is no lockout mechanism. Assuming an attacker with physical proximity tries to brute-force (try all combination) the password on nfc chip, How much time will be needed to crack the password? How to calculate the time it takes to perform one valid/invalid authentication attempt on nfc chip?

0 Kudos
This discussion has been locked for participation. If you have a question, please start a new topic in order to ask your question
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Peter BENSCH
ST Employee

‎2023-12-22 01:19 PM

Welcome @abhijeet_7, to the community!

Well, you can easily work that out for yourself: 2^64 = 1.845*10^19 codes, divided by an assumed 10000 brute force attacks per second = approx. 58.45 million years. Do you want to wait that long?

Regards
/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

0 Kudos
3 REPLIES 3
Go to solution
Peter BENSCH
ST Employee

‎2023-12-22 01:19 PM

Welcome @abhijeet_7, to the community!

Well, you can easily work that out for yourself: 2^64 = 1.845*10^19 codes, divided by an assumed 10000 brute force attacks per second = approx. 58.45 million years. Do you want to wait that long?

Regards
/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
abhijeet_7
Associate

‎2023-12-24 02:57 AM

Thanks @Peter BENSCH for the explaination I really appreciate it. I am interested in knowing how the assumed 10000 brute force was derived. I referred the datasheet of ST25DV04KC and found that the chip supports fast read access up to 53 Kbit/s which approximates to 829 password reads from memory per second. So I was assuming that the maximum bruteforce attempts per seconds will be 830 approx. Is there any caching mechanisms on the NFC chip which can reduce the authentication time or my assumption is correct?

0 Kudos
Go to solution
Peter BENSCH
ST Employee
In response to abhijeet_7

‎2023-12-24 06:12 AM

@abhijeet_7 I only took the 10000 attacks as an example, it is not a number stored somewhere. However, the total time required for the approx. 830 per second and 64Bit is also a good 12 times as long, i.e. 704 million years…

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Top