Not all Mifare tags are broken. Mifare Classic is now hacked. Philips has Mifare versions that are notcracked yet. They are based on triple DES.
fake 32 bit security (16 bits x 2)
"So that's basically the random number and the challenge response (is) completely broken. Not by us but by design."
Nohls: “If that weren't the case, 16 bit random numbers means you listen in on 128 transactions and then, after (...) another 128, you see one of the challenges again. So without any control over the randomness here, you WILL break it in minutes."