Eggs. Basket.

One of the big problems with top-down, logical, designs for national identification systems is that they tend strongly towards a single point of failure.

Fatal crypto flaw in some [Taiwanese] government-certified smartcards makes forgery a snap.

Not the last story like this we’re going to see.

This entry was posted in ID Cards. Bookmark the permalink.

One Response to Eggs. Basket.

  1. Earl Killian says:

    It seems foolish to use public-key crypto for something like a public ID system. Were I designing such a system, I would have each card loaded with a million or so 512-bit random numbers, and on each query hand out the next one (each number is single-use). This would be sent to a government server which would hand back information about the cardholder that the entity making the query is authorized to receive. The only way to forge identities is to hack into the government servers, and that can be made more difficult by not connecting the machines that update the db to the internet (those machines periodically export a read-only db to the internet-connected servers).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.