Word that the SHA-1 encryption scheme has been broken in China, which follows news from John Hopkins on how RFID car keys can be hacked, brings me to a sad conclusion.

Permanent hardware encryption isn't going to happen. (The image, by the way, is from DBC of Germany, a player in this market game.)

This does not mean we should give up on encryption as protection, or on hardware for encryption. It's just that, just as Moore's Law means today's state-of-the-art PC is tomorrow's door stop, so today's RFID lock could become tomorrow's open door.

Unfortunately this has major implications for the security industry as it is today.

For example, while some pooh-pooh the threat Hopkins identified, we know from the history of technology that what's possible today is easy tomorrow. Obsolescence is coming.

RFID keys are going to have to go through regular upgrades to stay ahead of the bad guys. Period.

No solution based on a single, current algorithm is going to last forever. Period.

This is going to be annoying, and it's going to cause problems. Get over it.

Solutions that use software for encryption aren't as vulnerable. Updating software is easier than changing-out hardware. But hardware changes are going to be necessary down the road. Those who make encryption hardware would do well to consider things like installing, say, FPGAs into multi-chip hardware keys so those systems can be upgraded in the field. Bu ultimately all locks must be replaced, and replaced regularly.

That's the reality.