Costs set to rule out register of fingerprints

Ian Brown ukcrypto at chiark.greenend.org.uk
Wed, 30 Jan 2008 12:15:33 +0000 

I don't think we are talking realistic threat models here.

Cheers,
Ian.
--
http://people.oii.ox.ac.uk/brown/


On 30 Jan 2008, at 11:57, Ian Batten wrote:

>
> On 30 Jan 08, at 1054, Ian Brown wrote:
>>
>> ICAO or another international organisation could act as a root  
>> certifier. Verifiers would then only need that public key to  
>> validate a signed issuing authority key.
>
> Yes, I can quite imagine that every country would be prepared to  
> sign up to a process where their passports were validated by an  
> international organisation.  I can also imagine that every country  
> would be entirely happy about a situation where the compromise of  
> an international organisation they have no control over would  
> compromise their entire passport process.   I doubt you could  
> persuade more than one of France, China, Russia or the USA to agree  
> to that.
>
>
>>
>>> including people with very well-resourced spook agencies.
>>
>> I'm not sure what difference this makes?
>
> It's taken for granted that attacking an RSA key pair without the  
> private key or the underlying primes is computationally  
> infeasible.  But factoring large composites isn't provably hard,  
> and deriving the private key from the public key isn't provably  
> equivalent to that problem anyway.  The USA, say, has a lot of  
> mathematicians, a lot of computers and a lot of money.  Why would  
> Putin agree?
>
> If a method to factor large composites in O(n) time arrived  
> tomorrow morning, it would be surprising, extraordinary and  
> shocking; it wouldn't, however, overturn any long-established  
> results.  And the NSA don't need O(n): they just need O(n^x) where  
> x is a bit less than your planning assumptions.  Crypto systems (as  
> we all know) are also not only attackable by brute force or via  
> clever attacks on the maths; there's a lot of other attacks on  
> implementation.  Again, the NSA might just have the people to look  
> at those attacks.
>
>>> do you want to bet your signature algorithm and technique  
>>> against, say, a fully resourced joint attack by the Chinese and  
>>> Russian governments?
>>
>> who have all sorts of other, probably easier, attacks available to  
>> them.
>
> Easier than compromising an official in the passport office of a  
> small African country where $1000 is lifetime's earnings, in  
> exchange for which you get the ability to fake the passports of  
> that country in arbitrary quantity?  That plays well for cover ---  
> your agents can travel on passports of another country.  And it  
> plays well as an attack --- once you've done it, you tell everyone  
> and watch all the citizens of that country become unable to  
> travel.   What would the USA do with the ability to produce  
> arbitrary numbers of Iranian passports, or the ability to render  
> all Iranian passports practically invalid?
>
> ian
>
>