[LINK] Code highlights e-passport eavesdropping risk

Irene Graham rene.lk at libertus.net
Wed Nov 1 21:20:29 AEDT 2006


On Wed, 1 Nov 2006 17:17:04 +0800, Adrian Chadd wrote:
[...]
>> If the data needs to be obtained in such a way then obviously the
>> person doesn't have the passport. Therefore they don't have the chip
>> that the data/key would unlock.
>>
>
> Well, assuming you know how to turn all of that into the key:
>
> * Passport ID is what, 10 digits max? Maybe less IIRC. If it's just
> numerical then that's at most ~ 20 bits towards the key.
> * DoB is easy - 0-31 (5 bits), 0-12 (3.x bits, call it 4 bits),
> 1900->2100 (call it 8 bits giving you 256 years there.) So 17 bits tops.
> * Passport expiry date is something similar. Again, 17 bits tops.
>
> Assuming no logic is used to cut down that key space you're left with
> 54 bits of keyspace to search. That is before any key space analysis or
> other cryptanalysis to drop that down. It is well within the realms of
> current computer hardware to brute-force.
>
> (I'm not an expert in cryptanalysis either, so feel free to read with
> many bags of salt. I can see a few tricks to cut down on the search
> space listed above without too much hassle.)
>
> So "not having the passport to get at the crypt key" isn't a good
> enough excuse with what's been covered here. Hopefully there's much,
> much more to it than that.

The length of the key data is an issue that has had very little media 
publicity. If the article had raised that issue, then it would have been 
worth publishing imo. Instead it talks about being able to work out the key 
to a particular passport chip if one can find out particular info that is 
printed on the passport (which has long been known to be how the system 
works by anyone who's taken an interest in this topic) without apparent 
regard to the question of what use is the key without access to the 
relevant chip (and, further, if one has the chip then one also has the 
passport with the relevant key data printed on the paper anyway).

On the matter of the key space, ICAO docs say it's maximum 56 bits 
(depending on the country). Reportedly ICAO is considering increasing 
entropy of BAC keys. See, as one example of such reports:
http://www.interoptest-berlin.de/pdf/Verschueren_-_Truth_and_Myth_of_cracking_the_BAC_protocol.pdf

The only reason I consider the current entropy not to be a *major* worry in 
relation to the *Australian* e-passport chip is because what is on the chip 
is also printed on the passport anyway (and long has been). It is however 
of concern that access to the chip gives access to an electronic copy of 
the person's photo. It would be vastly more of a worry if there were other 
types of biometric data on the chip. 

Irene
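The key-space figures traded in this thread (Adrian's ~54 bits, the 56-bit ICAO maximum Irene cites) come from adding up the entropy of the three printed fields that feed Basic Access Control key derivation: document number, date of birth and date of expiry. The script below is an added example, not code from this post or from the Link list, that makes that estimate explicit so it can be redone for a given issuer's conventions. The field ranges in the `__main__` block (a 9-symbol numeric document number, a 1920-2006 birth window, a 10-year expiry window) are assumptions chosen to illustrate the calculation, not figures from ICAO or from any passport authority.

```python
import math
from datetime import date

# Added example (not from the original post). Estimates the entropy, in
# bits, of the MRZ fields that Basic Access Control derives its keys from.
# The result is an upper bound: it assumes each field is drawn uniformly
# and independently from the stated range. Any structure in how an issuer
# assigns document numbers, or any correlation between the dates, can
# only lower the real figure, which is the defender's point of concern.


def date_span_bits(start_iso: str, end_iso: str) -> float:
    """Bits of entropy in a date drawn uniformly from [start, end] inclusive.

    Dates are given as ISO strings (YYYY-MM-DD) so the function is easy to
    call without constructing date objects.
    """
    start = date.fromisoformat(start_iso)
    end = date.fromisoformat(end_iso)
    days = (end - start).days + 1
    if days <= 0:
        raise ValueError("end date must not precede start date")
    return math.log2(days)


def document_number_bits(length: int, alphabet_size: int) -> float:
    """Bits in a document number of `length` symbols, each from `alphabet_size` choices.

    ICAO 9303 reserves a 9-character field; a purely numeric issuer uses a
    10-symbol alphabet, an alphanumeric issuer up to 36.
    """
    if length <= 0 or alphabet_size <= 1:
        raise ValueError("length must be positive and alphabet_size > 1")
    return length * math.log2(alphabet_size)


def bac_entropy_estimate(doc_len: int, alphabet_size: int,
                         dob_range: tuple, expiry_range: tuple) -> dict:
    """Return per-field and total entropy estimates (bits) for BAC key inputs.

    dob_range and expiry_range are (start_iso, end_iso) tuples describing the
    window of plausible values for that field. Assumed ranges, not issuer data.
    """
    parts = {
        "document_number": document_number_bits(doc_len, alphabet_size),
        "date_of_birth": date_span_bits(*dob_range),
        "date_of_expiry": date_span_bits(*expiry_range),
    }
    parts["total"] = sum(parts.values())
    return parts


if __name__ == "__main__":
    # Constructed, illustrative ranges: a numeric 9-digit document number,
    # holders born between 1920 and 2006, passports expiring within the
    # 10 years after the date of this thread.
    estimate = bac_entropy_estimate(
        doc_len=9,
        alphabet_size=10,
        dob_range=("1920-01-01", "2006-12-31"),
        expiry_range=("2006-11-01", "2016-10-31"),
    )
    for field, bits in estimate.items():
        print(f"{field:16s} {bits:5.1f} bits")
```

With the constructed ranges above the total lands a little under 57 bits, in the same region as the figures quoted in the thread; narrowing any one window (a sequential numbering scheme, a shorter expiry window) drops the total directly, which is why the entropy of the printed data, not the strength of the 3DES keys derived from it, is the quantity worth tracking.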
