UK Passport Security Cracked

The Guardian is reporting that the new UK Passports have been cracked.

“The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a ’secret key’. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”

I’m glad something like this has come out, i’ve been an opponent of this and ID cards since they were first mentioned. I frankly wouldn’t trust the government to be a ble to file some word documents securely let alone keep track of my biometric information, or be able to cope with 60 million citizen’s biometrics.

Who even came up with the system? The first rule of encryption is obviously to keep the key secure, not to write it on the document in plain text!

Tags: , , ,

Tags: , , ,
This entry was posted on Friday, November 17th, 2006 at 1:02 pm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “UK Passport Security Cracked”

  1. Steven Says:
    November 19th, 2006 at 4:18 pm

    It’s a pretty poor effort isn’t it?

    I’m no encryption expert, but there are well known solutions to problems like this. Public key cryptography, digital signatures etc. Web servers use these all the time, and they work as intended.

    ID cards and biometrics are a bad plan even if they work, but as usual, it appears that governments can’t implement IT projects competently, so this will just be a huge waste of money, and an invasion of everyone’s privacy.

Leave a Reply

Entries (RSS)