17 Nov 2006


UK RFID Passports: Cracked

Gee, what a surprise. Apparently it took all of 48 hours.

"The reader - I bought one for £250 - has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.
"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

 
 

Comments

 

Ooops. Forgot to encrypt the data itself?
What a bunch o' morons!

Should keep the secret key in a bunker on an Island just off the Azores or something.

3DES is a very high encryption standard (triple Digital Encryption Standard).

MarkusArelius 17 Nov 2006
