17 Nov 2006

secure in your identity?

The Guardian ran a rather worrying article about how easy it was to pull personal information off the new RFID passports. I'm now kicking myself for not renewing my passport earlier this year. Just remember folks, if it can me made, it can be copied.

"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

No comments: