Comment by Detrytus
2 years ago
Shouldn't that be other way around? Keycard only holding the simple numeric id, which is burned into silicone chip on it and impossible to modify, and the reader at the door, connected to hotel central system checks what privileges that particular keycard grants?
> the reader at the door, connected to hotel central system
That’s very often not the case, though, especially in retrofitted installations.
Locks are sometimes offline and even battery powered (and I suspect they can even report a dying battery to the front desk by setting the appropriate flag on keycards as they’re being read).
In the days before cheap, low-power radio networks a "central system" would have meant dedicated wiring to each door lock. So it would have been much more expensive to install than a standalone battery powered unit mounted directly on the door.
That doesn't stop someone else from flashing a reprogrammable keycard with the id.
You could force or deny service on a lock that just checked a simple ID.
Wouldn't that only be for poor implementations?
If the reader had a decently secure channel to the central auth piece, then it shouldn't (in theory) matter how simple or complex the id would be. (?)