[LINK] Code highlights e-passport eavesdropping risk
Irene Graham
rene.lk at libertus.net
Wed Nov 1 21:20:29 AEDT 2006
On Wed, 1 Nov 2006 17:17:04 +0800, Adrian Chadd wrote:
[...]
>> If the data needs to be obtained in such a way then obviously the
>> person doesn't have the passport. Therefore they don't have the chip
>> that the data/key would unlock.
>>
>
> Well, assuming you know how to turn all of that into the key:
>
> * Passport ID is what, 10 digits max? Maybe less IIRC. If it's just
> numerical then that's at most ~ 20 bits towards the key.
> * DoB is easy - 0-31 (5 bits), 0-12 (3.x bits, call it 4 bits), 1900-
> 2100 (call it 8 bits giving you 256 years there.) So 17 bits tops.
> * Passport expiry date is something similar. Again, 17 bits tops.
>
> Assuming no logic is used to cut down that key space you're left with
> 54 bits of keyspace to search. That is before any key space analysis or
> other cryptanalysis to drop that down. It is well within the realms of
> current computer hardware to brute-force.
>
> (I'm not an expert in cryptanalysis either, so feel free to read with
> many bags of salt. I can see a few tricks to cut down on the search
> space listed above without too much hassle.)
>
> So "not having the passport to get at the crypt key" isn't a good
> enough excuse with what's been covered here. Hopefully there's much,
> much more to it than that.
The length of the key data is an issue that has had very little media
publicity. If the article had raised that issue, then it would have been
worth publishing imo. Instead it talks about being able to work out the key
to a particular passport chip if one can find out particular info that is
printed on the passport (which has long been known to be how the system
works by anyone who's taken an interest in this topic) without apparent
regard to the question of what use is the key without access to the
relevant chip (and, further, if one has the chip then one also has the
passport with the relevant key data printed on the paper anyway).
On the matter of the key space, ICAO docs say it's maximum 56 bits
(depending on the country). Reportedly ICAO is considering increasing
entropy of BAC keys. See, as one example of such reports:
http://www.interoptest-berlin.de/pdf/Verschueren_-_Truth_and_Myth_of_cracking_the_BAC_protocol.pdf
The only reason I consider the current entropy not to be a *major* worry in
relation to the *Australian* e-passport chip is because what is on the chip
is also printed on the passport anyway (and long has been). It is however
of concern that access to the chip gives access to an electronic copy of
the person's photo. It would be vastly more of a worry if there were other
types of biometric data on the chip.
Irene
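An added worked example, not part of the thread above and not ICAO's or any vendor's code: a small entropy model for the three MRZ fields (document number, date of birth, expiry date) that seed a BAC key, showing how the bit count the thread argues over depends on the assumed ranges and how side information narrows it. The field ranges (a purely numeric 9-digit document number, a 100-year DoB window, a 10-year validity period, a holder of known age band) are assumptions for illustration, and the fields are treated as uniform and independent, which overstates the real entropy.

```python
# Added example: entropy model for the MRZ fields that seed a BAC key.
# All ranges below are illustrative assumptions, not ICAO figures. Each
# field is modelled as uniform over its range (log2(range size) bits) and
# the fields as independent, so the totals are upper bounds.
from datetime import date
from math import log2


def days_in_window(start: date, end: date) -> int:
    """Calendar days from start to end, inclusive."""
    return (end - start).days + 1


def field_bits(cardinality: int) -> float:
    """Entropy of a field whose `cardinality` values are equally likely."""
    return log2(cardinality)


def bac_seed_bits(doc_number_space: int, dob_days: int, expiry_days: int) -> dict:
    """Per-field and total entropy (bits) of the BAC key seed material."""
    parts = {
        "document_number": field_bits(doc_number_space),
        "date_of_birth": field_bits(dob_days),
        "expiry_date": field_bits(expiry_days),
    }
    parts["total"] = sum(parts.values())
    return parts


def unconstrained_estimate(today: date = date(2006, 11, 1)) -> dict:
    """No side information: 9 numeric digits (assumed), any DoB in the last
    100 years, any expiry within a 10-year validity window from today."""
    dob = days_in_window(date(today.year - 100, today.month, today.day), today)
    expiry = days_in_window(today, date(today.year + 10, today.month, today.day))
    return bac_seed_bits(10 ** 9, dob, expiry)


def constrained_estimate(today: date = date(2006, 11, 1), age_lo: int = 30,
                         age_hi: int = 40) -> dict:
    """Same model once side information narrows the ranges: the holder is
    known to be between age_lo and age_hi, and the passport is known to have
    been issued this year, so a 10-year expiry falls somewhere in one year."""
    dob = days_in_window(date(today.year - age_hi, today.month, today.day),
                         date(today.year - age_lo, today.month, today.day))
    expiry = days_in_window(date(today.year + 10, 1, 1), date(today.year + 10, 12, 31))
    return bac_seed_bits(10 ** 9, dob, expiry)


if __name__ == "__main__":
    for name, est in (("unconstrained", unconstrained_estimate()),
                      ("constrained", constrained_estimate())):
        print(f"{name:>13}: " + ", ".join(f"{k}={v:.1f}" for k, v in est.items()))
```

Under these assumptions the unconstrained seed comes to roughly 57 bits and the constrained one to roughly 50, which is why the per-field ranges, not the raw field widths, decide how much the "need the printed data" argument is actually worth.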