Tool to backup, modify and clone ePassport released
Ian Batten
ukcrypto at chiark.greenend.org.uk
Wed, 1 Oct 2008 13:34:52 +0100
On 01 Oct 08, at 1323, steve wrote:
> Hi,
>
> On Wed, Oct 01, 2008 at 01:01:48PM +0100, Ian Batten wrote:
>>>
>>>> would stop this. It's some memory. I can load bits into it. Why
>>>> wouldn't I be able to?
>>>
>>> First of all the data should only be readable by people who are
>>> authorized to read them.
>>
>>
>> What's the definition of `authorized'? I would argue that anyone to
>> whom I show my passport is authorized, because the data belongs to me
>> and I can authorize whoever I like to read it.
>
> absolutely. That's how it should be. Unfortunatly it's possible to
> ready
> the data from your epassport by anyone from 3 meter distance. Without
> you authorizing it or knowing it.
Except it's encrypted over the passport serial number, yes?
Anyway, it's hardly onerous to protect yourself against. http://www.smartcardfocus.com/shop/ilp/se
~59/p/
I keep all the Oystercards at home in those, and the passports now
some of us have RFID ones likewise. Although they live when not in
use in an effective Faraday cage (steel filing cabinet).
>
>>
>> one. What did you have in mind as `authorized'?
>
> Same what you thought: It's my data. I should be able to deny or allow
> access to this data.
>
>>> Not anyone with any kind of rfid reader
>>> without any kind of authentication.
>>
>> I think it's perfectly right that I should be able to use an RFID
>> reader to extract data from my passport, and my children's passports.
>
> yepp. you should be allowed to read them. In the end you own them.
> They
> are your data.
Exactly. So, how do you protect it against being read by other people?
ian