Crypto with Epoxy Tokens, Glass Balls and Lasers

michael posted more than 12 years ago | from the truth-is-stranger-than-fiction dept.

Security 265

Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."


Michael Sims (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#4297187)

Can eat my ass.

That is all.


pron is really (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297188)


yes masturbate

You ideas intrigue me (-1)

govtcheez (524087) | more than 12 years ago | (#4297192)

I would like to subscribe to your newsletter.

FP for Calculus! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297193)

By special request! GET IT IN YA!

Yeah... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297199)


I'm hip! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297207)


Great!! (1, Funny)

Unknown Poltroon (31628) | more than 12 years ago | (#4297217)

Let me just install that on my laptop.....

And this is humor, not a troll, let's see if you're smart enough to mod it that way.

Remember the SGI Patent? #@ +1; Informative @# (3, Interesting)

Anonymous Coward | more than 12 years ago | (#4297225)

for random numbers with Lava Lamps? Now there is Lava lamp cryptography.

Read about it at:

LavaLamp []

Thanks and have a weekend !

Re:Remember the SGI Patent? #@ +1; Informative @# (2, Interesting)

lukegalea1234 (250067) | more than 12 years ago | (#4297306)

I remember a story some time ago about a linux application that rendered ansi text from an image.

There was talk of pointing a web cam out a window onto a busy street or point it at a lava lamp in order to generate a constant stream of seed data for encryption.

Re:Remember the SGI Patent? #@ +1; Informative @# (2)

cant_get_a_good_nick (172131) | more than 12 years ago | (#4297426)

or point it at a lava lamp in order to generate a constant stream of seed data for encryption.

They did this, it used to be on, but that server is no more. It basically would have a digital image of multiple lava lamps, take the numbers from the digital image, run it through some hash like MD5 and then use those as random numbers. [] seems to be the closest spiritual successor.

Re:Remember the SGI Patent? #@ +1; Informative @# (2, Informative)

Simon (S2) (600188) | more than 12 years ago | (#4297469)

it's called aalib [] .

from the site:
AAlib is an portable ascii art GFX library. If you wish to see some examples of AAlib technology, please browse AA-project homepage.

and here are some *pics [] * generated from the library.
i think it was intended to play doom over a network on a console, but what lukegalea1234 said, is equally valid.

Epoxy tokens, glass spheres and lasers. (1, Funny)

nob (244898) | more than 12 years ago | (#4297235)

Geez people, can't we at least get some frickin sharks too?

Off topic? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297352)

Obviously someone needs to throw some of the moderators a fricken bone here.

Umm.. I 've got it!

And the licensing fee for this new crypto technology will be...


This won't help online... (-1, Redundant)

anarchima (585853) | more than 12 years ago | (#4297237)

How would this work online? One of the sites said that it was only good against those old-fashioned credit card frauds where the magnetic strips can be faked...But how would that secure your online shopping? Otherwise, pretty cool for "bricks-and-mortar" shops and such, but I thought the real problems with encryption were the digital arenas.

Old Technology, new twist (5, Interesting)

lynx_user_abroad (323975) | more than 12 years ago | (#4297239)

IIRC, something similar to this (very low tech) was used to create tamper-evident seals on things like the boxes guarding equipment monitoring nuclear sites, etc.

I think the process involved mixing a bunch of little tinfoil sparkles into a clear epoxy resin, applying the resulting glue as a seal, and photographing it from several angles. Simple to create, yet darn near impossible to duplicate a second time. If the blob is missing or different, something fishy is going on.

Re:Old Technology, new twist (5, Funny)

still_sick (585332) | more than 12 years ago | (#4297371)

So remember, the next time a nuclear scientist asks to borrow your elbow macaroni and glue-on sparkles, he might not be making a birthday card for his mom - he might be ensuring the security of the world!

Re:Old Technology, new twist (0)

Anonymous Coward | more than 12 years ago | (#4297411)

The Japanese went patent mad, with much the same thing.
Their improved solution was paper ticket, with random splattered ink spots with speckled fibres, cheaper and forgeproof. Just don't doodle or drip tomato sauce on it.
Then color photocopiers were invented.

Re:Old Technology, new twist (4, Interesting)

Phil Wherry (122138) | more than 12 years ago | (#4297493)

A very similar technology has been used for the identification of gems [] for quite a while. The idea is pretty much the same: shine a laser beam into the gem, then record the pattern generated by internal reflection/refraction. The technique has been around for at least twenty years, I believe. Still, the idea of a physical one-way hash function is interesting and quite likely useful.

Re:Old Technology, new twist (3, Insightful)

LordMcD (99120) | more than 12 years ago | (#4297522)

These devices seem to be deriving all their randomness by the natural (and intentional) "imperfections" of the creation process. This means that they only become secure when the devices are first analyzed -- *after* they are made. There is an inherent benefit and weakness to creating things in this hit-and-miss way.

Because the manufacturers are not trying to create pseudo-randomness themselves (invariably according to some algorithm, like creditcard numbers), it really is much harder for blackhats to reverse the one-way function. However, because there are no rules governing what a "valid" key looks like (they're just supposed to be unique), someone could very carefully create a number of these tokens that are, instead of random, very similar. Because practical implementations of this scheme are likely to scan these keys from pre-determined angles, the amount of difference allowed between these similar keys may be large enough to create "duplicates".

Note that this doesn't mean that blackhats can duplicate your key, but they may be able to create a matching pair and swap yours with theirs in the middle of the night...

Obvious circumvention scheme (2, Insightful)

Mysterious (181405) | more than 12 years ago | (#4297241)

Great. They use a laser to convert the 3D arrangement of glass spheres in an epoxy matrix to a 2D 'light/dark' pattern.

A crummy piece of film exposed at the sensor plane, then developed, could be used to get around this. Lay the film on the 2D sensor, and voila - the 2D pattern is duplicated!

Re:Obvious circumvention scheme (2, Insightful)

forsetti (158019) | more than 12 years ago | (#4297262)

Simple man-in-the-middle attack, so to speak. Capture your 2D token, relay it on your behalf......

Re:Obvious circumvention scheme (1)

lynx_user_abroad (323975) | more than 12 years ago | (#4297266)

Lay the film on the 2D sensor, and voila - the 2D pattern is duplicated!

Unless they shine several lasers on several different spots at different times in quick succession.

Re:Obvious circumvention scheme (5, Informative)

Remus Shepherd (32833) | more than 12 years ago | (#4297270)

I thought of that also. But I read the article more closely, and they mention that different view angles would be used to generate different speckle patterns.

A one-angle view of this token would not be secure, but a security mechanism that scanned the token through multiple angles would be very difficult to recreate. I don't know if they should be throwing around the word 'impossible', however.

Re:Obvious circumvention scheme (2)

brunes69 (86786) | more than 12 years ago | (#4297309)

It is impossible to re-create the crystal that generates the data, not the data itself. You are looking at this object which is used for physical security from a purely software standpoint. The data itself (the pattern resulting from the laser through the crystal) is useless if you can't create the crystal which generated the data in the first place, because then you can't duplicate the card.

Re:Obvious circumvention scheme (2)

Cheetahfeathers (93473) | more than 12 years ago | (#4297405)

It's not impossible. Anything that can be created can be recreated. We just don't _currently_ have the engineering skills needed to recreate it. Give it time... this kind of scheme will be broken too.

Re:Obvious circumvention scheme (2, Insightful)

Jobe_br (27348) | more than 12 years ago | (#4297525)

While they do say it isn't currently possible to generate the crystal fobs using available techniques, they also say that reversing the pattern of dots to create a fob *is* prohibitively hard - this is the key. What they're going for here is something that is as easy to manufacture as credit cards, but a few orders of magnitude more difficult to forge/copy/etc. Anyone who's been paying attention over the past few years realizes that magnetic stripe cards are pathetically easy to forge and magnetic stripes are easily read using devices that can be had on the grey market. Once you've read a magnetic stripe, you can recreate the credit card that originated it with ease.

This is what this technology is meant to prevent. First, you'd need the laser equipment to read the fob to get the dot pattern. Then, to be sure, you'd need to make sure that you illuminate the fob from all sides, since the dot pattern is different depending on where the laser is shone from. Next, you need a fabrication facility to create these crystal fobs (currently not available, I imagine that'll change, too) and finally, you need a boatload of math to figure out what set of microscopic bubbles works together to form the set of dot patterns you scanned previously.

This last bit, the forcing function, if you will, is the clincher. I imagine that the reversal of the dot patterns to a layout of microscopic bubbles in the fob is an f(x) that's particularly difficult to reverse, at least on the order of factoring the product of large primes (if not more difficult).

Possible? Maybe - eventually, certainly. More secure than credit cards? You betcha. Especially since credit card fraud/theft is amazingly low-tech these days ... this type of technology would greatly raise the bar.


Re:Obvious circumvention scheme (0)

Anonymous Coward | more than 12 years ago | (#4297409)

This general method was discussed way back in 1997 by Tony Jenkins and David Perell. Basically they concluded that if it was implemented combining with current crypto methods, that one could effectively disguise the first methods in a criss-cross pattern.

Interesting stuff.

Re:Obvious circumvention scheme (1)

Mysterious (181405) | more than 12 years ago | (#4297424)

You are absolutely correct - I missed that. But, how's this - a hologram of the epoxy/glass composite?

Granted they claim to address this in the article, I think their claim is bogus. In principle, using an optical probe a hologram is indistinguishable from the original, at least at the plane where the hologram is made.

Any informed comments?

Bypass the sensor unit (1)

sckienle (588934) | more than 12 years ago | (#4297462)

<p>OK. I sneak into a store at night, install a little dongle between the reader and the phone line (I'm using the credit card readers just as an example). I come back the next night, and I have all of the patterns sent out to be validated that day! Once I have the patterns, I don't need the reader, the fob or any physical item anymore.
One "obvious" solution to this is to encrypt the pattern at the device before it is sent, but now we're back into the standard encryption world, and we know that nothing is perfect there.
OK, so we change the pattern based on the date and time with a "protected" algorithm. Like that can't be solved.
Well, then we'll use a system like the "SecureID" cards with each credit card unit including the random/automatically generated token as part of the encryption effort. Well that would be a little more complex.
But in the end, all of these solutions can be applied to the current barcode read from credit cards before it is sent over the phone lines today. The use of a 3D number/key generator, which is really what this is, won't change that.
P.S. Don't ask me how this could be used at Websites.... Pardon me, while I send this huge bit representation of your 3D fob over this dinky 56Kb error prone phone line. Right....</p>

Re:Bypass the sensor unit (1)

sckienle (588934) | more than 12 years ago | (#4297486)

Oops. Sorry for the extraneous junk. That was my first post here!

Re:Obvious circumvention scheme (2)

ajs (35943) | more than 12 years ago | (#4297487)

This falls into the category of "the analog world is hard to simulate" area of cryptography. These range from the wildly useful (e.g. radioactive decay sensors) to the "whoops, I thought it was secure" (e.g. the example in Cryptonomicon of the woman who peeks at the bingo balls and "makes it more random").

Mostly it's a great way to come up with one time pads and otherwise feed random number needs in various crypto applications. Not terribly useful as a means of crypto per se.

So what, that's only half the picture. (3, Interesting)

brunes69 (86786) | more than 12 years ago | (#4297287)

Getting the 2D pattern is easy (anyone with access to a reader could simply get this pattern through software). You then have to manufacture a crystal which produces this pattern, so that you can use your new counterfeit card at the Sony store, etc. This is the part that is currently impossible.

Re:So what, that's only half the picture. (2)

pete-classic (75983) | more than 12 years ago | (#4297530)

No, you just have to create a card that absorbs the input laser and outputs the "correct" 2D pattern (and maybe looks good enough to get past the genius working the register).



Re:Obvious circumvention scheme (2)

gsfprez (27403) | more than 12 years ago | (#4297335)

if the pattern output is much larger than the diameter of the laser beam at the POS system.. and it looks like that is the point, and you put your film in lieu of the token, all you'd get would be a dark or light spot at the sensor.. because the laser wouldn't spread properly - it would just go right thru the film at some diminished value.

if you were to build a practical (read: a forged credit guitar pick to buy a hard drive at Fry's) forgery, you'd have to come up with a way to force the ultra-thin laser beam to spread into that pattern...

what would you do? Bring a lens with you to spread the laser evenly over the film?

i can't think of an obvious way to make a practical forgery - but i'm not saying it can't be done. But your notion of using film is bogus.

Dear Moderators, (0)

Anonymous Coward | more than 12 years ago | (#4297400)

how the hell is a complete mis-reading and mis-understanding of the article, not to mention something that is possibly a very subtle troll, called "insightful"?

Re:Obvious circumvention scheme (3, Insightful)

micromoog (206608) | more than 12 years ago | (#4297538)

Well aren't you smart, coming up with an "obvious circumvention scheme" that the original expert researchers never thought of. Brilliant.

Oh wait, what's this? Oh, there's an ARTICLE to read? One which discussed exactly that, and how the laser can be shone through the fob at multiple angles, requiring the correct 3D structure? Hmm.

Tokens, glass balls and lasers? (2, Funny)

Anonymous Coward | more than 12 years ago | (#4297243)

Sounds like a kinky high-tech peep show.

Evading the lameness filter (1)

Scoria (264473) | more than 12 years ago | (#4297247)

They have actually created a physical one-way function that cannot be tampered, copied or faked!

At this moment in time, of course. :)

What about... (0)

Thud457 (234763) | more than 12 years ago | (#4297349)

those laser etched "glass" paperweights you see at places like Disneyworld? They use some sort of clear "glass" and a laser is used to create "bubbles" inside it.

It seems that it might be possible to use something like that to create a "duplicate" key. (Ok, so this is an awful lot of conjecture... gimme $5M and I'll see if I can break it.)

woohoo! (-1, Offtopic)

larry bagina (561269) | more than 12 years ago | (#4297248)

LNUX broke the 1.00 mark again! Currently trading at 0.95. Mark your calendars - We'll have a delisting party in 30 days!

hmm... (4, Funny)

Quasar1999 (520073) | more than 12 years ago | (#4297249)

Can't be tampered with? Give me a hammer, I'll tamper with it... If I can't have the data, no one can!!!

Where can I get one (1, Offtopic)

doublem (118724) | more than 12 years ago | (#4297251)

So, when will this baby be Available in CompUSA?

When will the Linux drivers come out?

Dear Apple (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297255)

Dear Apple,

I am a homosexual. I bought an Apple computer because of its well earned reputation for being "the" gay computer. Since I have become an Apple owner, I have been exposed to a whole new world of gay friends. It is really a pleasure to meet and compute with other homos such as myself. I plan on using my new Apple computer as a way to entice and recruit young schoolboys into the homosexual lifestyle; it would be so helpful if you could produce more software which would appeal to young boys. Thanks in advance.

with much gayness,

Father Randy "Michael" O'Day, S.J.

Everybody knows that (1)

WetCat (558132) | more than 12 years ago | (#4297261)

Glass ball and Extrasensory Medium is all we need
for 100% perfect encryption!

To clarify the story submission (5, Informative)

brunes69 (86786) | more than 12 years ago | (#4297264)

One thing you know once you read the article(s), that really should have been included in the story submission, is this technology is more geared toward replacing things such as magnetic stripes on credit cards, and em cards, and whatnot. The tiny crystals that will replace these stripes produce a one-way function that is currently impossible to duplicate, so if widely adopted this would (at least temporarily) make card counterfeiting impossible. It is not describing a new encryption mechanism for your PC, or any software for that matter.

Interesting applications for storage (1)

ites (600337) | more than 12 years ago | (#4297265)

"We have about a terabit -- a one followed by twelve zeros -- of information contained in a penny's worth of material," said Gershenfeld.

Re:Interesting applications for storage (2)

Corporate Drone (316880) | more than 12 years ago | (#4297291)

...except that they aren't controlling the information, just recording it for future verification...

Re:Interesting applications for storage (1)

Glamatron (158833) | more than 12 years ago | (#4297444)

Hmm.. what if they turn out about sixteen trillion of them, and then use diff to figure out if the bead matches your data. The million-monkey theory can work, I know it!

Diff the data for storage. (0)

Anonymous Coward | more than 12 years ago | (#4297501)

(This is obvious, not patentable stick it in a prior art db somewhere)
You don't need 16 trillion of them for reasonable data storage. If you have a nice even 8 (this is base 2 ;) of them you have a terabyte.

Good CPU power ($200 in 2002 ) buys you the ability to take data from your hard drive, and find it in the crystal. Not create it or order it there, just find it, in a non-contiguous block.

Generating a few equations for an hour or so on your CPU and you have a small data pointer to the large data blocks of the crystal.

PKzip used to take an hour to open a big archive back in the day, "Melt" can take an hour today.

Now reading the terabit off a glass bead/plate, that's the pricey part today.


Re:Interesting applications for storage (0)

Anonymous Coward | more than 12 years ago | (#4297342)

The information they're talking about is random and nonsensical. It's about as useful for replacing current data storage mediums as a jar filled with white and black sand-grains would be.

Hey.. wait.. I may be on to something!

Re:Interesting applications for storage (0)

Anonymous Coward | more than 12 years ago | (#4297386)

"a one followed by twelve zeros"

but that's only 13 bits...

you need to spend some time away from your compute (0)

OppressiveGiant (558743) | more than 12 years ago | (#4297519)

If you're stuck thinking in binary, you probably need to go out some. See the daylight. Meet people[without posting on /.]. Just remember when the guy at wendy's says "two dollars" If you give him the one marked $10, make sure you get change.

GERMANS! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297267)

Impossible to Compromise? (2, Insightful)

Corporate Drone (316880) | more than 12 years ago | (#4297268)

Great... just one question, though...

how is stealing speckle patterns gonna be any different from stealing credit card numbers from "secure" servers?

Bank cards as well (2)

brunes69 (86786) | more than 12 years ago | (#4297334)

It could also be used on bank cards, thus preventing people from counterfeiting them. I once read about a ring which was using an aptly mounted hidden camera to monitor people's PIN numbers. They then grabbed some ATM slips the person threw away (most people rarely keep/destroy them) and manufactured a fake card using their PIN and their account information.

Re:Impossible to Compromise? (2)

catfood (40112) | more than 12 years ago | (#4297374)

With credit cards, the credit card number is the secret, the whole secret, and nothing but the secret.

With the new gizmo, the speckle pattern is not the secret. The secret is the arrangement of crystals, which isn't shared with anyone. Steal a copy of the speckle pattern and you have nothing.

Re:Impossible to Compromise? (3, Insightful)

Salamander (33735) | more than 12 years ago | (#4297395)

Because stealing the speckle pattern does you no good. You need to create a device that makes that pattern, when light is shone through it and an inaccessible air gap onto a sensor. You can't just lay something on top of the sensor itself because, in any even half-way sensible design, you couldn't get to the sensor itself without disabling the entire reader.

I actually think this idea is extremely clever, but I don't know if I'd consider it a method of encryption. Even if you had an LED grid representing cleartext on one side, so you could read the "ciphertext" speckle pattern on the other side, how do you decrypt that? What kind of resolution, frequency and loss ratio are we talking about? This seems like it might be a really good authentication mechanism, where a known input will only be converted to a known output in the presence of an unforgeable secret, but I don't see how it can work for encryption where the input varies.

Re:Impossible to Compromise? (0)

Anonymous Coward | more than 12 years ago | (#4297535)

I believe, that despite the words used in this article, that this is really more of a CRYPTOGRAPHIC HASH algorithm rather than an encryption algorithm.

A cryptographic hashing algorithm (for those of you who haven't taken basic crypto) is something that given a variable-sized input creates a unique output (of fixed size IIRC). It is not meant to be decrypted. The other end needs to have the original plaintext too. This is only a way to make sure that you know the same thing. Think MD5.

That's my take on it. believe what you want.

Minority report (0)

knownsense (558106) | more than 12 years ago | (#4297269)

reminds me of Minority report...

Re:Minority report (1)

briglass (608949) | more than 12 years ago | (#4297453)

I agree. That's what I thought of when I first read it. We got a victim ball.

That's nothing! (-1, Offtopic)

teamhasnoi (554944) | more than 12 years ago | (#4297272)

I perfected a method to post to slashdot by only reading the front page and never reading the articles, using only my lazy ass, and a burning desire to get first post.

I'm trying to fit lasers and epoxy tokens filled with glass beads in here, but there's no time!

New business-model? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#4297277)

1: Write free software.
2: ?
3: Encrypt with Epoxy Tokens, Glass Balls and Lasers.
4: Profit!

Well holy shit. (1, Flamebait)

Burgundy Advocate (313960) | more than 12 years ago | (#4297282)

They've discovered the one-time pad!

This is just fucking revolutionary. Somebody dust off the Nobel prize.

Re:Well holy shit. (1, Offtopic)

squaretorus (459130) | more than 12 years ago | (#4297297)

I think you're missing the point with your sarcastic response. They did much more than you say! They made the one-time pad SPARKLEY!!

Re:Well holy shit. (0)

gazbo (517111) | more than 12 years ago | (#4297343)

Do they use it only once? No. They use it every time verification is needed. Hence, not a one time pad, retard. (Different angles give different patterns, but since they need to be known about beforehand there is only a finite number, so the same patterns will be repeated)

Also, one time pads are for reversible cryptography. You know, when you write a message and someone has the audacity to expect to be able to read it at the other end. This is not reversible. It is a one way function, 'tard. You would be better comparing this with an md5 than a one time pad.

Jesus, do you actually know anything about cryptography, cock gobbler?

Re:Well holy shit. (0)

Anonymous Coward | more than 12 years ago | (#4297366)

I don't think what they did is great enough to get excited about. But you incorrectly surmise they have recreated the one time pad. The idea of the one-time pad is typically to make TWO and only TWO identical copies ... one for receiver and one for sender. They can share the pad, but in typical configurations there are two copies. They have a pseudo-one-way mechanical function.

Re:Well holy shit. (3, Informative)

Scarblac (122480) | more than 12 years ago | (#4297396)

They've discovered the one-time pad!

No, they have not. That would mean that whoever receives a message sent with this data had the same pad, and that isn't the case. If it were, a 12-terabit stamp-size one-time pad would still be rather good.

I'm a bit unclear how this works in practice though. They say they can check the patterns the thing makes against a "secure" database. They can't store all the 12 terabits there.

So, I assume, they pick some number (say, 100) of ways to shine a laser at it at random, and store those in the server. When it's time for identification, the server tells the token reading gadget which position(s) the laser should be in, it sends the pattern back, and it can be checked.

One possible attack is obvious, it may be possible to find out which random spots for the laser have been stored for this token by asking for a verification enough times. However, that gives you the task of making an object that fits into a reader, that gives the right patterns for all the 100 ways... And that's Hard. So it may not even be necessary to randomize the laser positions, just check some number of standard patterns, and it will be too hard to make an item that can fake them all.

Thanks for listening to my train of thought. I think I get it now :)

Durability? (5, Insightful)

Anonymous Coward | more than 12 years ago | (#4297283)

This seems like a really good system, one that for once is almost impossible to forge. However, it seems to have a major flaw: Durability. The Nature article states that "a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original." So what happens when (not if!) the card gets scratched and worn? Will it immediately stop functioning? These secure cards won't be worth much if they have to be replaced every month because of wear and tear... and with the system they are using, error correction isn't an option (defeats the whole purpose of the tokens since tampering with them would then become possible).

Re:Durability? (0)

Anonymous Coward | more than 12 years ago | (#4297362)

Tarticle said:
Yet the process that transforms the speckle pattern into a string of digits can be modified to ignore accidental surface scratches.

Re:Durability? (0)

Anonymous Coward | more than 12 years ago | (#4297397)

Impossible to forge yes. But there still has to be a database that stores the signature read from the chip. That database isn't "impossible" to hack. Until a solution is developed so that it's secure on both ends, there isn't a solution.

Re:Durability? (3, Insightful)

photonic (584757) | more than 12 years ago | (#4297408)

There are probably some tricks to prevent this. You could embed the active part (the epoxy with the tiny spheres) within a layer of homogeneous material (e.g. epoxy without the spheres) and use a lens to access the inner part.

This is similar to the trick they use in CD's. At the metal layer containing the information the light is focused to a few micron. This layer is buried almost a millimeter deep inside the plastic. At the surface the beam has a much larger diameter and tiny scratches are no problem.

Re:Durability? (1)

lynx_user_abroad (323975) | more than 12 years ago | (#4297504)

Imagine a reader which could be remotely controlled and answer challenges. A challenge might look like "Set laser angle vector to x123y456z789 by x321y654z987" and a response would be the bit pattern readout.

You stick your crystal bead into the reader to make your purchase.

The remote computer sends a series of a thousand or so challenges and compares the responses to the known set taken before the bead was sent out. If 95% or so of the bits in 95% of the queries are correct, it's probably the original, scratches and poorly maintained readers notwithstanding.

The drawback of this (if there is one) is that the manufacturer does not get to choose what information goes in, but must instead maintain a database of expected challenge/response pairs for each bead.

On the other hand, the scratches and such may become a part of the challenge/response. If a certain scratch causes a 0 bit where a 1 was originally the expected response, and the 0 is consistent, then you update your database to now expect a 0 response instead. (It opens up the theoretical possibility of "training" the C/R database to accept two different beads as identical.)
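
The challenge/response check described in the comment above, as an added example that is not part of the original thread. The HMAC stand-in for the bead's optics, the 256-bit readout, the bit-flip noise model and all names are assumptions made for the simulation; the 95% thresholds come from the comment.

```python
import hashlib
import hmac
import random

RESPONSE_BITS = 256  # constructed size; a real speckle readout is far larger


def read_token(token_secret, challenge, bit_error_rate, rng):
    """Stand-in for the optical reader (assumption, not real optics).

    HMAC-SHA256 keyed with token_secret models the bead's unclonable
    structure; random bit flips model scratches and reader noise.
    """
    digest = hmac.new(token_secret, challenge, hashlib.sha256).digest()
    bits = int.from_bytes(digest, "big")
    for i in range(RESPONSE_BITS):
        if rng.random() < bit_error_rate:
            bits ^= 1 << i
    return bits


def enroll(token_secret, n_challenges, rng):
    """Record challenge/response pairs before the bead is sent out."""
    table = {}
    while len(table) < n_challenges:
        # Hypothetical 12-byte encoding of a laser angle vector.
        challenge = rng.getrandbits(96).to_bytes(12, "big")
        table[challenge] = read_token(token_secret, challenge, 0.0, rng)
    return table


def verify(table, reader, n_queries, rng,
           bit_threshold=0.95, query_threshold=0.95):
    """Accept if enough bits match in enough of the queries.

    reader is a callable mapping a challenge to the observed response.
    Each challenge is removed from the table once used (a design choice
    of this example), so a response captured on the wire cannot be
    replayed against the same challenge later.
    """
    if n_queries > len(table):
        raise ValueError("not enough unused challenges left for this token")
    passed = 0
    for challenge in rng.sample(sorted(table), n_queries):
        expected = table.pop(challenge)
        observed = reader(challenge)
        differing = bin(expected ^ observed).count("1")  # Hamming distance
        if RESPONSE_BITS - differing >= bit_threshold * RESPONSE_BITS:
            passed += 1
    return passed >= query_threshold * n_queries


def demo():
    rng = random.Random(2002)  # fixed seed so the run is repeatable
    genuine = b"constructed-bead-A"  # constructed sample secrets
    other = b"constructed-bead-B"
    table = enroll(genuine, 1000, rng)

    # Genuine bead, lightly scratched: about 2% of bits flip per read.
    worn = verify(table, lambda c: read_token(genuine, c, 0.02, rng), 100, rng)
    # A different bead read perfectly: roughly half the bits disagree.
    wrong = verify(table, lambda c: read_token(other, c, 0.0, rng), 100, rng)
    # Genuine bead damaged badly enough that 10% of bits flip.
    ruined = verify(table, lambda c: read_token(genuine, c, 0.10, rng), 100, rng)
    return worn, wrong, ruined, len(table)


if __name__ == "__main__":
    print(demo())
```

The third case shows the durability trade-off raised earlier in the thread: the tolerance that forgives light wear also sets the point at which a genuine but damaged bead is rejected.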

In a related story.... (4, Funny)

Tha_Big_Guy23 (603419) | more than 12 years ago | (#4297284)

McGuyver has made plans to begin work at MIT in their research department to create supercomputers from old ballpoint pens, and outdated telephone mechanisms.

Re:In a related story.... (0)

Anonymous Coward | more than 12 years ago | (#4297414)

McGuyver has made plans to begin work at MIT in their research department to create supercomputers from old ballpoint pens, and outdated telephone mechanisms.

Hunh? How'd you guess that? You've perfectly described my Beowulfffff... awww, ffffuckit.

Early results (2)

doublem (118724) | more than 12 years ago | (#4297421)

In the first week, his research team added garage door openers and discarded pie tin plates to the mix.

When MIT announced that they would dedicate several old Apple IIs to the project, MacGyver was quoted as saying, "I'm excited, but it's still overkill for the project."

In the first week, he developed a quantum computer that can crack RSA 128 bit encryption in 0.034 seconds, predicts the weather with 97.5% accuracy up to 10 days in advance, located Jimmy Hoffa and solved the mystery of crop circles.

And then he built a Beowulf cluster of them.

How Big a Problem Is This with Credit Cards? (1, Insightful)

VirtualDestructor (573772) | more than 12 years ago | (#4297292)

The concept is pretty damn cool, and simple to boot. Elegant solutions always seem so obvious once someone smart comes up with them first.

How big of a problem is this with credit cards though? Don't the problems normally arise when a card is stolen, or acquired under false pretenses? Not that there aren't other applications for it, just the one they gave seems a little weak.

Function that cannot be tampered, copied or faked (3, Insightful)

jea6 (117959) | more than 12 years ago | (#4297294)

...until it is tampered, copied, and faked. Never say never, especially with regards to crypto.

I already have one of these in my wallet.. (5, Funny)

gsfprez (27403) | more than 12 years ago | (#4297305)

actually, i have 3.

there are 50 or so of em lying around at home, making my wife mad.

so explain again why guitar picks are news?
(my apologies to westsky in advance)

Jaz disks use something like this (0)

Anonymous Coward | more than 12 years ago | (#4297308)

I believe Jaz disks use something like this, there's a clear plastic wafer in the Jaz disk which was used to prevent competition in the media. This is why the Jaz drive has pretty much failed, the disks stayed too expensive because only Iomega could sell them.

Re:Jaz disks use something like this (1)

nxs212 (303580) | more than 12 years ago | (#4297506)

waat? They don't have anything like that. Also, they failed to catch on because 50% of the drives failed within 1 year. The rest fail 2 years later. Jaz drives are also well known for chewing up those pricy disks, destroying all data.

Not too useful.. (1, Insightful)

Anonymous Coward | more than 12 years ago | (#4297314)

This doesn't sound like it will be too useful to normal people. It doesn't even sound like it will necessarily be all that secure. In the end the object becomes a key and if the algorithm is known the key can be brute forced. They say that a terabyte of information can be in such a small object, and I have no doubt of that. What I do doubt is that they use a terabyte of information. If they go down to a small level they must be able to reproduce the exact same data each time. Because of this I'd guess they don't use anything quite near a terabyte or even a megabyte. As computers get faster the keys will be brute forced faster. Ten years from now this style of encryption may be just as ridiculous as current methods.

If each one was unique then.... (1)

nenolod (546272) | more than 12 years ago | (#4297324)

They (being whoever would want to) could track you via the usage of your epoxy token.

Re:If each one was unique then.... (2)

Scarblac (122480) | more than 12 years ago | (#4297423)

If each one was unique then they (being whoever would want to) could track you via the usage of your epoxy token.

You mean, in the same way they can track you by the unique *number* on your credit card already?

So what exactly is new here? (2, Insightful)

skaffen42 (579313) | more than 12 years ago | (#4297332)

So we have a one way function that happens to be based on a physical object rather than being calculated by a CPU. I don't see how this makes it more secure.

I also don't see why this is any different than any other hardware based authentication (RSA tokens, smart cards, etc.) The tokens might be cheaper, but I bet the scanner is not going to be cheap.

And as with most authentication systems the big problem is going to be protocol attacks, not attacks on the cryptography itself. I don't see little glass balls changing this fact.

Yes I'm cynical. But probably with good reason.

Headline from Nature reads: (5, Funny)

dr_dank (472072) | more than 12 years ago | (#4297333)

Cheap trick secures secrets

Finally! Something to go hand-in-hand with my REO Speedwagon encryption algorithm.

Shit (4, Funny)

papasui (567265) | more than 12 years ago | (#4297344)

And all these years my family has been persecuted in Salem, MA and it turns out all they wanted was our crystal balls!

Re:Shit (2, Funny)

papasui (567265) | more than 12 years ago | (#4297377)

The most clever thing I've said in the last month and I get modded troll. I wish there was a Not Funny. :(

Neil Gershenfeld (2, Informative)

AlphaHelix (117420) | more than 12 years ago | (#4297355)

Notice that one of the authors on this paper is Neil Gershenfeld, author of The Physics of Information Technology, reviewed here exactly a year ago yesterday (at least I think it was a year. The searched Slashdot postings have no year indication on them. Is this a Y0K bug?) I liked that book, actually. It had a very readable section on the fluctuation-dissipation theorem, though I think it gave short shrift to research on the underlying causes of the FDT.

Help me understand. (2)

teamhasnoi (554944) | more than 12 years ago | (#4297357)

If the laser is shined through at a different angle, however slight, how can you get an accurate reading?
Would wear and tear change the shape of the token, rendering it useless?
If this stores a terabit of info, how can we get it to store the info we want?
How will the government be able to demand a backdoor to this tech?
Will I ask any more questions?

Why are holographs prohibitive? (3, Interesting)

Christopher Thomas (11717) | more than 12 years ago | (#4297369)

The article claims that making a holographic forgery would be prohibitively difficult, but doesn't explain why.

You could almost certainly make one if you had the original card to duplicate.

If you had the verification information for the card - the list of patterns the scanner looks for - you could probably make a holographic reproduction with a bit of fiddling (the same multi-exposure technique is used for making animated holographs that move as you change viewing angle).

You'd have a hard time duplicating the card just from observing one transaction, but the same holds true for electronic media (one challenge/response pair does not give you a smart card's key).

Does anyone have further details on why the researchers say this would be difficult to forge?

DRM implications (2)

ortholattice (175065) | more than 12 years ago | (#4297387)

So, the next step is to manufacture CDs with copy prevent^H^H^H^H^H^H^Hprotection using these tokens. (Sigh.)

Maybe this is too secure? (1)

mustangdavis (583344) | more than 12 years ago | (#4297412)

"Cryptosystems don't protect information if they're not used. The introduction of physical one-way functions greatly expands where, and how, information can be protected,"
Has anybody considered the idea that this form of encryption may be "too strong"?

What if Bin Laden & Co. start using encryption like this? How is our government going to determine which building will have a plane imprint next?

Sometimes encryption isn't such a great thing ...

Just my $0.02

Re:Maybe this is too secure? (0)

Anonymous Coward | more than 12 years ago | (#4297477)

Well the obvious solution is to drop large amounts of explosives from the air onto any non governmental location or person that is known to be using this unbreakable form of encryption, just in case they are using it for illicit purposes. In the future, privacy will be a one way affair, the government will have it, you will not.

And the marketing people. . . (5, Funny)

dasboy (598256) | more than 12 years ago | (#4297433)

will bill this as "Cryptography with balls."

Easily Damaged? (3, Insightful)

miket01 (50902) | more than 12 years ago | (#4297434)

From Nature:
Tampering with a token also quickly destroys its validity: a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original.

I'd imagine it'll take a little work to keep these things from getting scuffed or otherwise damaged beyond recognition through regular handling, especially if they end up on your key chain.

Of course, a really sophisticated system might take that into account, and update the key profile to recognize each key's unique wear and tear.

OT: Article Photo (0)

Anonymous Coward | more than 12 years ago | (#4297435)

I like the way scientist-types have to peer at the camera with that "I have changed the f'in' world!" look every time they're photographed for a popular article. I can just hear the photographer shouting "Give it to me baby!" and "C'mon, make me wanna worship you! Yeah!" I just hope they're laughing heartily afterward, and that the gaze of superiority doesn't become permanent. ;)

OT, but nevertheless (0, Offtopic)

back_pages (600753) | more than 12 years ago | (#4297441)

Why list the submitter as an Anonymous Coward if you're going to link to what appears to be a personal email address? No good deed goes unpunished indeed...

Defeats one of the purposes of smart cards (3, Interesting)

John Harrison (223649) | more than 12 years ago | (#4297457)

One of the nice things about a smart card system is that it doesn't have to go online for each transaction. From the descriptions it seems that this system does have to check with a database at the time of purchase. So the speedup from a smartcard is lost.

Still a major flaw in this for 'Smart Cards' (3, Insightful)

Christianfreak (100697) | more than 12 years ago | (#4297488)

The MSNBC article goes on and on about how this is great for 'Smart Cards' but in reality it doesn't make them that much more secure than credit cards because most of the theft that happens with credit cards is not breaking into computers, rather it's physical theft of the cards themselves.

A 'smart card' isn't going to stop a pick pocket from thieving your wallet so we're back to square one.

And not to be a troll but has this been on /. before? It seems vaguely familiar.

Minority Report balls (1)

henben (578800) | more than 12 years ago | (#4297512)

I wondered why they used those coloured balls to deliver the psychic crime predictions in Minority Report. I thought it was bollocks, but maybe it makes sense in the light of this. Please append your Samantha Morton/balls jokes below. Humunnah.