[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
- Subject: Re: [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 10:10:26 -0500
That article focuses on Dutch passports, but in the US it's essentially
the same.
> The Passport number
a 10 digit number (I don't know where they start, but it certainly
wasn't 0000000001).
> The Date Of Birth of the holder
about 32,000 possibilities (assuming < 90yrs old)
> The Expiry Date of the Passport
Passports are vaild for 10 years (for an adult in the US), and
expiration is just MM/YYYY .. so that's only 120 possibilities.
A very small dictionary for "brute force" indeed, and I'd be happy to
code such a routine.
Does anyone know if the chips in the latest passports (USA issue)
prevent this sort of thing, or can you try keys as fast as the RF
interface will permit?
Cheers,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/