[LINK] Code highlights e-passport eavesdropping risk
Irene Graham
rene.lk at libertus.net
Wed Nov 1 19:51:54 AEDT 2006
On Wed, 01 Nov 2006 07:03:27 +0800, brd at iimetro.com.au wrote:
>> Code highlights e-passport eavesdropping risk
>> What RFIDIOt chipped my passport?
>> By John Leyden
>> Published Tuesday 31st October 2006 12:42 GMT
>> http://www.theregister.co.uk/2006/10/31/rfid_e-passport_attack/
[...]
>> The approach still requires knowing a secret key, derived from data
>> printed inside a passport, which is designed to protect against
>> eavesdropping.
It is completely unsurprising that encrypted data can be read if one knows
the encryption key.
>>However,
>> Laurie reckons this information (the passport number, date of birth
>> of the holder, and passport expiry date) is obtainable by means other
>> than physical access to a passport such as poorly secured airline
>> websites.
If the data needs to be obtained in such a way then obviously the person
doesn't have the passport. Therefore they don't have the chip that the
data/key would unlock.
Irene
More information about the Link
mailing list