The Dutch passports have been cracked and can be read at a distance of over 30 feet.
And what information does the scanner get? Birth date, your picture, fingerprint. I'm a little unclear as to exactly how this is happening: it appears to me that they're intercepting the data flow when a bona fide scanner reads the passport (it doesn't require physical contact), they download the data then can crack it in about two hours because of a weak encryption scheme coupled with a weak passport numbering scheme being used by the Dutch.
If they are intercepting when it is being read by a scanner, then it's possible that you can't easily scan a crowd or drive by someone's house and scan from the street.
I'm a little intrigued by the concept of storing the actual fingerprint here. Disneyland has gone to a fingerprint system for their annual passes, but they don't per se store the fingerprint. They take readings from, let's say, ten different positions of your finger and store the characteristics of your fingerprint, not the actual print. When you re-scan your finger when you present your pass for admission, it re-calculates the signature of your fingerprint for comparision. Whereas no two fingerprints are alike, it is possible for two or more fingerprint 'signatures' to be alike, but it is highly unlikely.
http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
Slashdot thread.
And what information does the scanner get? Birth date, your picture, fingerprint. I'm a little unclear as to exactly how this is happening: it appears to me that they're intercepting the data flow when a bona fide scanner reads the passport (it doesn't require physical contact), they download the data then can crack it in about two hours because of a weak encryption scheme coupled with a weak passport numbering scheme being used by the Dutch.
If they are intercepting when it is being read by a scanner, then it's possible that you can't easily scan a crowd or drive by someone's house and scan from the street.
I'm a little intrigued by the concept of storing the actual fingerprint here. Disneyland has gone to a fingerprint system for their annual passes, but they don't per se store the fingerprint. They take readings from, let's say, ten different positions of your finger and store the characteristics of your fingerprint, not the actual print. When you re-scan your finger when you present your pass for admission, it re-calculates the signature of your fingerprint for comparision. Whereas no two fingerprints are alike, it is possible for two or more fingerprint 'signatures' to be alike, but it is highly unlikely.
http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
Slashdot thread.