Top 5 reasons to deploy VMware with Tegile
The PLAID (Protocol for Lightweight Authentication of Identity) cryptography kit appears to be insecure.
PLAID is a homebrew cryptography system designed by Centrelink - the Australian government agency that shovels out tens of billions a year in welfare payments. The system has been considered for use by US government agencies.
The software offers a means of contactless authentication using smart cards and is designed not to leak identities to scammers with dodgy card readers.
The newly-disclosed flaws allow an attacker to fuzz cards in order to generate error messages. Attackers armed with a bushel of error messages could identify individual identity numbers.
Further problems identified included a lack of RSA padding leaving certain implementations of PLAID open RSA signature cloning in a mode similar to Bleichenbacher's attack, cryptographers Matthew Green and a team of eight colleagues from the universities of London and Darmstadt found.
"I figure if someone has to use 'free' to lure you in the door, there's a good chance they're waiting on the other side with a hammer and a bottle of chloroform, or whatever the cryptographic equivalent might be," Green said of a PLAID story broken by this correspondent in a previous life.
"A quick look at PLAID didn't disappoint. The designers used ECB like it was going out of style; did unadvisable things with RSA encryption, and that was only the beginning."
Green offered a concise analysis of the recent university paper A Cryptographic Analysis of an ISO-standards-track Authentication Protocol.
"As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards," the researchers wrote. "These techniques involve a novel application of standard statistical and data analysis techniques in cryptography."
Read more:
Free government-penned crypto can swipe identities
- To Foil NSA Spies, Encrypt Everything [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- What is cryptography? - A Word Definition From the ... [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- cryptography: Definition from Answers.com [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography - Wikipedia, the free encyclopedia [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography - CISSP Domain 07 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Cryptography Advanced Encryption Standard AES Tutorial,fips 197 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Faraday Project for Network Security and Cryptography - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- An Overview of Cryptography - Gary C. Kessler [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- An Open Letter from US Researchers in Cryptography and ... [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Gambling with Secrets Part 4 8 Private Key Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Gambling with Secrets Part 1 8 What is Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Public Key Cryptography RSA Encryption Algorithm - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Public Key Cryptography Diffie Hellman Key Exchange - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Intro to Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Caesar Cipher Ancient Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- 50 top US cyber security experts write open letter calling for end to NSA 'snoop-ops' [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Prominent cryptography and security researchers deplore NSA's surveillance activities [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Obama Stays Silent on Reform of NSA's Crypto Subversion [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography experts sign open letter against NSA surveillance [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- US crypto researchers to NSA: If you must track, track responsibly [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Java Cryptography Architecture (JCA) Overview - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography - Part 1 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Cryptography - Part 2 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- International Journal on Cryptography and Information Security ( IJCIS) - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust, Deal With It - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- NSA and GCHQ spoofed LinkedIn to hack Belgian cryptography professor [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Lecture 17: Elliptic Curve Cryptography (ECC) - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Cryptography event - Pravega 2014 - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- Lecture 1: Introduction to Cryptography - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- US and UK spy agencies accused of swoop on Belgian cryptography expert [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Conceal: Facebook's new Java APIs for cryptography on Android [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Cryptography Apps: How To Keep Your Personal Info Private [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Cryptography Breakthrough Could Make Software Unhackable [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Oi, Android devs! Facebook wants your apps to be more secure [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Lecture 19: Elgamal Digital Signature - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Lecture 18: Digital Signatures and Security Services - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Cryptography 1. List some of the attacks on the Diffie ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography Breakthrough Could Make Software Unhackable ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography: Secret Coding, Spying, and E-Commerce - Video [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
- Cryptography - Video [Last Updated On: February 9th, 2014] [Originally Added On: February 9th, 2014]
- Public Key Cryptography: RSA Encryption Algorithm - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
- Is Bitcoin Anonymous? Arvind Narayanan | Princeton University | Real World Cryptography Workshop - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
- A Competitive Study of Cryptography Techniques over Block Cipher - Video [Last Updated On: February 14th, 2014] [Originally Added On: February 14th, 2014]
- How Quantum Computing Will Change Cryptography [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
- REALITY LOST - EXCERPT SIX (QUANTUM CRYPTOGRAPHY) - Video [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
- Introduction to Cryptography of Bitcoin, Explained! - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
- [FOSDEM 2014] USE OTR or how we learned to start worrying and love cryptography - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
- Reshif's Cryptography Challenge Solution/Walkthrough - Video [Last Updated On: February 20th, 2014] [Originally Added On: February 20th, 2014]
- [DEFCON 19] Steganography and Cryptography 101 - Video [Last Updated On: February 22nd, 2014] [Originally Added On: February 22nd, 2014]
- A Brief Rundown Of The Spying Questions Intel's CEO Won't Answer [Last Updated On: February 25th, 2014] [Originally Added On: February 25th, 2014]
- DEF CON 8 - Jon Erickson - Number Theory Complexity, Theory, Cryptography, and Quantum Computing. - Video [Last Updated On: February 26th, 2014] [Originally Added On: February 26th, 2014]
- Was YOUR iPhone at risk of being hacked? Bug in Apple update left mobiles open to identity theft for up to 18 months ... [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
- Security researchers urge tech companies to explain their cryptographic choices [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
- Apple reveals algorithm behind 'encrypted' iMessages [Last Updated On: February 28th, 2014] [Originally Added On: February 28th, 2014]
- Wiliest Ways to Keep the NSA at Bay [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
- How to Pronounce Cryptography - Video [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
- cryptography in DNS - Video [Last Updated On: March 3rd, 2014] [Originally Added On: March 3rd, 2014]
- Who is the reclusive billionaire creator of Bitcoin? [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
- How to say cryptography in Italian - Video [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
- Massive Linux security flaw dwarfs Appleās cryptography problems of just last week [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Security lessons from RSA [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Visual Cryptography - Video [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
- Classical Computing Embraces Quantum Ideas [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
- Quantum Cryptography Conquers Noise Problem [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
- REALITY LOST Bonus scene 4. Quantum cryptography Founding Fathers. - Video [Last Updated On: March 7th, 2014] [Originally Added On: March 7th, 2014]
- Quantum Cryptography: From Theory to Practice - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- Forcing Trust: Nonlocal Games and Untrusted-device Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- TrustyCon 2014 - New Frontiers in Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- REALITY LOST Bonus scene 3. Christian Kurtsiefer on hacking quantum cryptography. - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- Nerlens Noel Tweets Date for Potential NBA Debut [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
- CISSP SG Cryptography - Video [Last Updated On: March 10th, 2014] [Originally Added On: March 10th, 2014]
- More secure communications thanks to quantum physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
- New Cryptography Scheme Secured By Quantum Physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
- History Of Cryptography - Video [Last Updated On: March 14th, 2014] [Originally Added On: March 14th, 2014]
- avc 19 Cryptography x264 - Video [Last Updated On: March 15th, 2014] [Originally Added On: March 15th, 2014]
- Edward Snowden Speaks at SXSW [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
- Tor is building an anonymous instant messenger [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
- learn cryptography learn the following pkcs refrences - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]
- [Lec-2][Part-2] Shift Cipher - Symmetric ciphers - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]