Name and birthday isn't enough entropy to resist even a naive brute force attack... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		AnthonyMouse on Dec 30, 2023 \| parent \| context \| favorite \| on: QR error correction helps and hinders scanning (20... Name and birthday isn't enough entropy to resist even a naive brute force attack. Why didn't they encrypt it with a random key and then put a QR code of the key on the inside of the passport? Or just use a magnetic stripe or similar instead of something that can be remotely accessed by an attacker?

lmz on Dec 30, 2023 [–]

It's not "encrypted by" but "authenticated by", see https://www.cs.ru.nl/~erikpoll/ufrj/C_ePassport.pdf slide 10 and 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact