[LINK] Code highlights e-passport eavesdropping risk
Kim Holburn
kim at holburn.net
Wed Nov 1 20:35:45 AEDT 2006
I think you've missed the point. The data is encrypted and signed.
It is encrypted with a key made from the personal data printed on the
passport (the passport number, date of birth of the holder, and
passport expiry date). It is signed with a special government key.

If you know the personal data on the passport then you can read the
data in the chip. The personal data which makes up the encryption
key is not secret and will be known to anyone seeing the passport or
a copy of it.

This is not in any way serious encryption, more like a joke.

You can only change the data if you have the government key. Of
course if that key gets out then all passports encrypted with that
key can be altered. It will instantly invalidate all current
passport data.

On 2006/Nov/01, at 7:51 PM, Irene Graham wrote:
> On Wed, 01 Nov 2006 07:03:27 +0800, brd at iimetro.com.au wrote:
>>> Code highlights e-passport eavesdropping risk
>>> What RFIDIOt chipped my passport?
>>> By John Leyden
>>> Published Tuesday 31st October 2006 12:42 GMT
>>> http://www.theregister.co.uk/2006/10/31/rfid_e-passport_attack/
> [...]
>
>>> The approach still requires knowing a secret key, derived from data
>>> printed inside a passport, which is designed to protect against
>>> eavesdropping.
>
> It is completely unsurprising that encrypted data can be read if one
> knows the encryption key.
>
>>> However, Laurie reckons this information (the passport number, date
>>> of birth of the holder, and passport expiry date) is obtainable by
>>> means other than physical access to a passport such as poorly
>>> secured airline websites.
>
> If the data needs to be obtained in such a way then obviously the
> person doesn't have the passport. Therefore they don't have the chip
> that the data/key would unlock.

If the passport can be read from say 10 or 20 metres away and the
data stored ....
--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
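
Added example, not part of the original message or of any code it links to: a sketch of how the chip access key seed is derived from the three printed fields under ICAO Doc 9303 Basic Access Control, with a helper that expresses how many bits of secrecy remain once some of those fields are known. The function names are assumptions, the sample values are the public ICAO specimen data, and the candidate counts in `key_space_bits` calls are constructed for illustration.

```python
import hashlib
import math

def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating; 0-9 keep their
    value, A-Z map to 10-35, the filler character '<' counts as 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character: {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number, date of birth (YYMMDD) and expiry (YYMMDD),
    each followed by its check digit: the only input to the key."""
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    return "".join(f + str(check_digit(f)) for f in fields)

def bac_key_seed(doc_number: str, birth: str, expiry: str) -> bytes:
    """K_seed = first 16 bytes of SHA-1 over the MRZ information.
    No secret enters the computation; the printed data is the key."""
    info = mrz_information(doc_number, birth, expiry)
    return hashlib.sha1(info.encode("ascii")).digest()[:16]

def key_space_bits(doc_candidates: int, birth_candidates: int,
                   expiry_candidates: int) -> float:
    """Bits of uncertainty left, given how many values of each field
    remain plausible to someone who has not seen the passport."""
    return math.log2(doc_candidates * birth_candidates * expiry_candidates)

if __name__ == "__main__":
    # Public ICAO specimen values, not a real traveller's data.
    print(bac_key_seed("L898902C", "690806", "940623").hex().upper())
    # Constructed bounds: numeric 9-digit number, 100 years of birth
    # dates, 10 years of expiry dates -> about 57 bits at best.
    print(round(key_space_bits(10**9, 36500, 3650), 1))
    # Anyone who has seen the data page or a copy of it: 0 bits.
    print(key_space_bits(1, 1, 1))
```

The 16-byte seed is shorter than it looks: its strength is bounded by the guessability of the three fields, not by the length of the hash output.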