Top 5 reasons to deploy VMware with Tegile <\/p>\n
The PLAID (Protocol for Lightweight Authentication of Identity) cryptography kit appears to be insecure. <\/p>\n
PLAID is a homebrew cryptography system designed by Centrelink - the Australian government agency that shovels out tens of billions a year in welfare payments. The system has been considered for use by US government agencies. <\/p>\n
The software offers a means of contactless authentication using smart cards and is designed not to leak identities to scammers with dodgy card readers. <\/p>\n
The newly-disclosed flaws allow an attacker to fuzz cards in order to generate error messages. Attackers armed with a bushel of error messages could identify individual identity numbers. <\/p>\n
Further problems identified included a lack of RSA padding leaving certain implementations of PLAID open RSA signature cloning in a mode similar to Bleichenbacher's attack, cryptographers Matthew Green and a team of eight colleagues from the universities of London and Darmstadt found. <\/p>\n
\"I figure if someone has to use 'free' to lure you in the door, there's a good chance they're waiting on the other side with a hammer and a bottle of chloroform, or whatever the cryptographic equivalent might be,\" Green said of a PLAID story broken by this correspondent in a previous life. <\/p>\n
\"A quick look at PLAID didn't disappoint. The designers used ECB like it was going out of style; did unadvisable things with RSA encryption, and that was only the beginning.\" <\/p>\n
Green offered a concise analysis of the recent university paper A Cryptographic Analysis of an ISO-standards-track Authentication Protocol. <\/p>\n
\"As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards,\" the researchers wrote. \"These techniques involve a novel application of standard statistical and data analysis techniques in cryptography.\" <\/p>\n
<\/p>\n