Free government-penned crypto can swipe identities

  • 31 October 2014

By Darren Pauli, 31 Oct 2014
 
The PLAID (Protocol for Lightweight Authentication of Identity) cryptography kit appears to be insecure.
PLAID is a homebrew cryptography system designed by Centrelink - the Australian government agency that shovels out tens of billions a year in welfare payments. The system has been considered for use by US government agencies.
 
The software offers a means of contactless authentication using smart cards and is designed not to leak identities to scammers with dodgy card readers.
The newly-disclosed flaws allow an attacker to fuzz cards in order to generate error messages. Attackers armed with a bushel of error messages could identify individual identity numbers.
 