Two students find security bug that could let millions do laundry for free - eviltoast
  • efstajas@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    6 months ago

    You could store a counter for every machine used on the card, realistically, given few Laundromats would have over 50 or so machines. That’d mean that as you say, restoring the cards initial state would break it for every machine you previously used.

    Going way too far now for what would make sense for a Laundromat, but just to entertain the idea…

    You could also use an OTP encryption scheme on the card, where the exchange encryption key is based on the laundry machine ID, card ID, and a current timestamp, and thus changes every time the card is used. It would then be quite hard to “restore” the initial state of the card without having the laundry machine’s hidden ID. Everything you read off the card would be useless a second later.