lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 30 Oct 2006 10:10:26 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
CC: full-disclosure@...ts.grok.org.uk
Subject: Re: RFID enabled e-passport skimming proof of
 concept code released (RFIDIOt)

That article focuses on Dutch passports, but in the US it's essentially 
the same.

>    The Passport number

a 10 digit number (I don't know where they start, but it certainly 
wasn't 0000000001).

>    The Date Of Birth of the holder

about 32,000 possibilities (assuming < 90yrs old)

>    The Expiry Date of the Passport

Passports are vaild for 10 years (for an adult in the US), and 
expiration is just MM/YYYY .. so that's only 120 possibilities.

A very small dictionary for "brute force" indeed, and I'd be happy to 
code such a routine.

Does anyone know if the chips in the latest passports (USA issue) 
prevent this sort of thing, or can you try keys as fast as the RF 
interface will permit?

Cheers,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ