lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 30 Oct 2006 16:19:09 +0000
From: Adam Laurie <adam.laurie@...bunker.net>
To: Michael Holstein <michael.holstein@...ohio.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: RFID enabled e-passport skimming proof of
 concept code released (RFIDIOt)

Michael Holstein wrote:
> That article focuses on Dutch passports, but in the US it's essentially 
> the same.
> 
>>    The Passport number
> 
> a 10 digit number (I don't know where they start, but it certainly 
> wasn't 0000000001).

If they're sequential, we only need to know where they start once the 
chips are installed, assuming you get a new passport number when you 
renew (as you do in th UK).

> 
>>    The Date Of Birth of the holder
> 
> about 32,000 possibilities (assuming < 90yrs old)
> 
>>    The Expiry Date of the Passport
> 
> Passports are vaild for 10 years (for an adult in the US), and 
> expiration is just MM/YYYY .. so that's only 120 possibilities.

Currently even less, since, again, it will expire 10 years from the date 
chips were first installed, so here in the UK there is only one valid 
year so far, so only 12 possibilities.

> 
> A very small dictionary for "brute force" indeed, and I'd be happy to 
> code such a routine.

Thanks for the offer, but I'm already pretty much there... It'll be in 
the next release... :)

> 
> Does anyone know if the chips in the latest passports (USA issue) 
> prevent this sort of thing, or can you try keys as fast as the RF 
> interface will permit?

There is nothing in the standard to require anti-bruteforcing mechanisms 
such as timing backoffs etc., and although I haven't done exhaustive 
tests on this, trying multiple wrong keys doesn't seem to have any bad 
effect on a UK passport.

Using my python library I get about 3 tries per second, but I expect 
that speed could be improved...

cheers,
Adam
-- 
Adam Laurie                         Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd.      Fax: +44 (0) 1304 814899
Ash Radar Station                   http://www.thebunker.net
Marshborough Road
Sandwich                            mailto:adam@...bunker.net
Kent
CT13 0PL
UNITED KINGDOM                      PGP key on keyservers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ