Picking a key for protecting your card or data is not always a simple task. Choices of length, type, value & ease of use can make the decision more difficult however the key(s) need to be as secure as possible to prevent the data becoming compromised. Here are my top tips for picking a key value:

1. Avoid using a word that has meaning related to the product or company. For example, the key “OYSTER” used on an Oyster card would be easy to guess.

2. Avoid keys that are already known, such as 0x40..4F or 0xFF..FF. These are regularly used as default values on other products.

3. Make the key as random as possible. Random keys are harder to guess and will keep your data safe for longer.

4. Use a random data generator. Websites such as randomkeygen.org & random.org (not affiliated) are excellent for generating data that can be used as a key.

5. The longer the better. A key that is 16 bytes is more secure than one that is 4 bytes. This is simply due to the time required to try every combination.

6. Use Diversified Keys.  By using a diversified key (one that is different on each card), if one key becomes compromised only one card is at risk, rather than the entire systems. There are plenty of stand key diversification methods that could be used. However proprietary algorithms offer the best security. By using the card serial number, for instance, as part of the algorithm the key can be re-calculated when required.

Universal Smart Cards, Ltd can help you with key generation and offer advice on diversification routines. Please contact us here for more information.

Kevin Loveman - Technical Manager, Universal Smart Cards, Ltd.

This entry was posted on Usmartcards Blog.