[LINK] Code highlights e-passport eavesdropping risk

Kim Holburn kim at holburn.net
Wed Nov 1 20:35:45 AEDT 2006


I think you've missed the point.  The data is encrypted and signed.

It is encrypted with a key made from the personal data printed on the  
passport (the passport number, date of birth of the holder, and  
passport expiry date).  It is signed with a special government key.

If you know the personal data on the passport then you can read the  
data in the chip.  The personal data which makes up the encryption  
key is not secret and will be known to anyone seeing the passport or  
a copy of it.

This is not in any way serious encryption, more like a joke.

You can only change the data if you have the government key.  Of  
course if that key gets out then all passports encrypted with that  
key can be altered.  It will instantly invalidate all current  
passport data.


On 2006/Nov/01, at 7:51 PM, Irene Graham wrote:

> On Wed, 01 Nov 2006 07:03:27 +0800, brd at iimetro.com.au wrote:
>>> Code highlights e-passport eavesdropping risk
>>> What RFIDIOt chipped my passport?
>>> By John Leyden
>>> Published Tuesday 31st October 2006 12:42 GMT
>>> http://www.theregister.co.uk/2006/10/31/rfid_e-passport_attack/
> [...]
>
>>> The approach still requires knowing a secret key, derived from data
>>> printed inside a passport, which is designed to protect against
>>> eavesdropping.
>
> It is completely unsurprising that encrypted data can be read if one knows
> the encryption key.
>
>>> However,
>>> Laurie reckons this information (the passport number, date of birth
>>> of the holder, and passport expiry date) is obtainable by means other
>>> than physical access to a passport such as poorly secured airline
>>> websites.
>
> If the data needs to be obtained in such a way then obviously the person
> doesn't have the passport. Therefore they don't have the chip that the
> data/key would unlock.

If the passport can be read from say 10 or 20 metres away and the  
data stored ....


--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
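
The key derivation discussed in this message, as an added example that is not part of the original post: it follows the Basic Access Control scheme of ICAO Doc 9303, which the message describes without naming, and shows that every input to the key is printed in the passport. The sample field values are constructed, and the field ranges used for the entropy bound are assumptions.

```python
import hashlib
import math

def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1; '<' = 0, A-Z = 10..35."""
    def val(c):
        return 0 if c == "<" else int(c, 36)
    return str(sum(val(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10)

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number (padded to 9 with '<'), birth and expiry dates
    (YYMMDD), each followed by its check digit."""
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)

def key_seed(doc_number: str, birth: str, expiry: str) -> bytes:
    """K_seed = first 16 bytes of SHA-1 over the printed fields."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    return hashlib.sha1(info).digest()[:16]

def derive_key(seed: bytes, counter: int) -> bytes:
    """Two-key 3DES key: SHA-1(seed || counter), 16 bytes, odd parity.
    counter 1 = encryption key, counter 2 = MAC key."""
    raw = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()[:16]
    def odd(b):
        # DES uses the low bit of each byte only as a parity bit.
        return (b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0)
    return bytes(odd(b) for b in raw)

def entropy_bound_bits(doc_space=36**9, birth_days=100 * 365,
                       expiry_days=10 * 365) -> float:
    """Upper bound on key entropy if every field were uniformly random.
    The ranges are assumptions; sequential document numbers or a known
    age range shrink it further."""
    return math.log2(doc_space * birth_days * expiry_days)

if __name__ == "__main__":
    # Constructed sample values, not a real passport.
    seed = key_seed("L898902C", "690806", "940623")
    print("K_enc:", derive_key(seed, 1).hex())
    print("K_mac:", derive_key(seed, 2).hex())
    print("entropy bound: %.1f bits vs 112-bit 3DES key" % entropy_bound_bits())
```

No secret enters the derivation at any step, so the bound is set entirely by how guessable the three printed fields are.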





