Are new passports safe?

There is an ongoing frenzy to implement new passports with biometric data and RFID capability. I won’t even start discussing why this sucks big time. Recently there was a news in Slovenia that we are going manufacturing such passports, too. Hura for us. And involved ministers assured that such passwords can’t be problematic even when dealing with hackers. Really? How can they be that sure?


http://www.itwire.com.au/content/view/5199/53/

4 thoughts on “Are new passports safe?

  1. Miha, sorry I think this post was under your level, unworthy of MVP and techno expert.
    Obviously Lukas Grunwald needs a HUGE publicity, otherwise nothing new for those who know technology behind e-pass.
    This “passport hacking” was very interesting for news&sensation hungry press in summer holidays time. At the same time comes very useful for “privacy backers” and “afraid-of-everything” people, so together it was a big story.
    see another view here
    http://www.rfidupdate.com/articles/index.php?id=1174&from=rss

  2. Hi Tomaz,

    Not sure why this post is so bad. ePassports might be problematic from many point of views.

    1. They are new and untested

    2. They might allow various (government and non) companies to track your movements (everybody can read RFID). Say goodbye to privacy (remember, you are supposed to carry passport with you when you are abroad).

    3. As we saw in that article, it is possible to clone the data. And this is only one case reported to the public. So, what happens if someone actually copies your passport and then somehow use it as it were you? How will you defend yourself when police knocks on your door? Remember, e-passports are 100% reliable.

    4. When the last generation of german currency bills came out they were publicised as "no-one-can-forge-them". So everybody was overconfident in their quality and didn't bother to check the bills at all. No need to mention that soon they had a mass amount of forged bills floating around.

    5. I am not an expert here, but what if someone steals the "private key" that is used to create a passport?

    6. Hey, cryptography is not 100% secure. Nobody ever prooved it. OTOH nobody ever prooved that it isn't secure. That's why is considered secure. However US is allowing IE to use 128 bit keys outside US. This might indicate that they are able to crack it in reasonable time.

    I could go on…

Leave a Reply