guardian.co.uk — Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?
Nov 17, 2006
rnelsonee Nov 17, 2006
Well - this isn't really 'cracked', they didn't break the 3DES encryption at all - you still need the correct key to read the data. It's just that they used a very, very weak key. If they just used 10 alphanumerics it would've been much safer. Hell, even print the key on the passport (as it already is now), and it's still better than what's on there now because no one can easily remember 10 alphanumerics with a quick glance. Just sayin'.
masscrazy Nov 17, 2006
HAHA! I just got mine a few weeks back with the hi-tech s**t on it and they charged 68 quid or something like that. This country arghhhh...........
ajaypopat Nov 17, 2006
Here's crypto-guru, Bruce Schneier, weighing in on RFID-enabled passports: http://www.schneier.com/blog/archives/2006/09/renew_your_pass.html
scabbers Nov 18, 2006
If British people dug me down, I'd love to know what magical part of Britain they're living in.. I'll move.
siliconentity Nov 18, 2006
Well, duh, they do that already. That's why you can't forge them. RTFA. The only thing you can do is find someone you resemble and use theirs.
diggduggjoe Nov 18, 2006
Time for the Faraday cage wallets. It is insane to think that government is useful in any way. They do the same stupid type things over and over in virtually every field they touch. Disgusting!
colinm Nov 18, 2006
"all I need to do is get my hands on one of the machines"
Getting hold of a machine with a "private" key - those used to sign passports - would (hopefully) be difficult. The readers used everywhere where passports are checked would all only have the "public" keys.
"Anything signed with this key after the date of the discovery"
Could you not just change the machine's clock to make it appear it was signed in the past?
s/wala/voila/ http://dictionary.cambridge.org/define.asp?key=88607&dict=CALD
fuzzycat Nov 18, 2006
You really don't understand RFID, do you? The *whole point* is they don't need to have physical access to the passport to get the information. So, for example, if it's in your jacket, briefcase or whatever it can be read. Sit at an airport for a few hours with a laptop and you've got access to a lot of personal data.
bungholio!