By Darren Pauli, 31 Oct 2014
The PLAID (Protocol for Lightweight Authentication of Identity) cryptography kit appears to be insecure.
PLAID is a homebrew cryptography system designed by Centrelink - the Australian government agency that shovels out tens of billions a year in welfare payments. The system has been considered for use by US government agencies.
The software offers a means of contactless authentication using smart cards and is designed not to leak identities to scammers with dodgy card readers.
The newly-disclosed flaws allow an attacker to fuzz cards in order to generate error messages. Attackers armed with a bushel of error messages could identify individual identity numbers.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.