I am sitting with my scary computer man and we have just sucked out all the supposedly secure data and biometric information from three new passports and displayed it all on a laptop computer. ... The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.
Now the home office claims that the info would be no use to a criminal without the rest of the actual passport. However, here's the killer scenario,
Given the results of the Westminster study, if a terrorist bore a slight resemblance to you - and grew a beard, perhaps - he would have a good chance of getting through a border. Because his chip is cloned, with the necessary digital signatures, and because you have not reported your passport stolen - you still have it! - his machine-readable travel document will get him wherever he wants to go, using your identity.
The article also gives a resume of why we have arrived at this pass and a likely scenario for actual passport cloning.
As I said previously; a faraday cage is needed for keeping the thing on your person or even in luggag. I gather that a LibDem spokesperson has actually called on the government to issue faraday cage passport holders to all recipients of new passports.
Cracked it! | Special reports | Guardian Unlimited: Filed in: UK, passports, ID_cards, RFID
No comments:
Post a Comment