Freedom Folks

Friday, November 17, 2006

Tamper Proof ID?

Source: guardian

As the president continues his lame attempts to sell us his guest worker/amnesty dealie one of the key selling points, you've heard the man say it, is a tamper proof ID. Now, when it comes a contest between armor and missiles which side invariably wins?
Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes? *snip*

"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.

"The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.

"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.

Booth is staggered. He has undercut Laurie by finding an RFID reader for £174, which also works. "This is simply not supposed to happen," Booth says. "This could provide a bonanza for counterfeiters because drawing the information from the chip, complete with the digital signature it contains, could result in a passport being passed off as the real article. You could make a perfect clone of the passport."
Can't happen here right? Look, if my choices are whip smart PHD's in starched white scientist coats creating "tamper proof cards" on the gub'mint dime, or, emo kids who will crack this sucker in thirteen and a half minutes before returning to a smoking hot game of "Pimples: Blue Crack Sidewalk" to finally exterminate that wicked boss on level nine and posting the information online for Abdul your friendly neighborhood terrorist to exploit. I choose the latter.

Let's just say I've seen the movie"Wargames" and absorbed the pertinent message. Which was as I recall, hot chicks dig nerds? Or perhaps, computers have mighty kung-fu?

Well, it's been a bit but I think you get the idea. And of course you know when the first terrorist uses this "tamper proof" card to gain access to somewhere he ain't supposed to be and he makes it all extra crispy in the name of Allah, then,and only then will we learn that a dyspeptic incontinent hamster could have defeated the thing.

Know why? Cuz the gub'mint gots weak kung-fu.

Oh, and if you wanna blather on about "the private sector" being all that? Your computer ever catch a cold? Missiles and armor folks.

Technorati Tags: , , , ,



Create a Link

<< Home