Most active commenters

    ←back to thread

    Reading NFC Passport Chips in Linux

    (shkspr.mobi)
    290 points robin_reala | 21 comments | 25 Jun 25 07:33 UTC | HN request time: 1.523s | source | bottom
    1. wkat4242 ◴[25 Jun 25 10:20 UTC] No.44375589[source]
    Many passports also contain digitized fingerprint scans. But those are even harder to access. You need a private key that only governments have.
    replies(2): >>44376354 #>>44377674 #
    2. aneutron ◴[25 Jun 25 12:09 UTC] No.44376354[source]
    Sounds fairly sensible to me
    replies(2): >>44378276 #>>44381105 #
    3. jwr ◴[25 Jun 25 14:23 UTC] No.44377674[source]
    > that only governments have

    :-)

    replies(2): >>44377814 #>>44377820 #
    4. muhehe ◴[25 Jun 25 14:34 UTC] No.44377814[source]
    Do share :)
    5. connicpu ◴[25 Jun 25 14:34 UTC] No.44377820[source]
    A corrupt government official selling a copy of that key to the highest bidder just sounds like the free market to me /s
    replies(3): >>44378535 #>>44379278 #>>44380483 #
    6. heavyset_go ◴[25 Jun 25 15:12 UTC] No.44378276[source]
    If it's truly sensitive data, encrypting with a unique private key and locking that with a PIN a la FIDO via NFC would be a bit more secure.

    One master key leak and everyone is walking around with IDs that give away sensitive data over RFID.

    replies(1): >>44381283 #
    7. belter ◴[25 Jun 25 15:38 UTC] No.44378535{3}[source]
    "Dutch journalist buys fake Syrian passport with prime minister’s photo" - https://www.dutchnews.nl/2015/09/dutch-journalist-buys-fake-...
    replies(1): >>44379306 #
    8. charcircuit ◴[25 Jun 25 16:42 UTC] No.44379278{3}[source]
    Why would they make such an important key be copyable?
    replies(2): >>44379843 #>>44380875 #
    9. victorbjorklund ◴[25 Jun 25 16:44 UTC] No.44379306{4}[source]
    does not say anything about it passing digital checks
    10. lxgr ◴[25 Jun 25 17:33 UTC] No.44379843{4}[source]
    To be useful, that key needs to be present in countless border checkpoint or even police devices, so it's inherently very hard to keep secret.

    That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).

    replies(1): >>44381275 #
    11. BuyMyBitcoins ◴[25 Jun 25 18:33 UTC] No.44380483{3}[source]
    It’s obviously not a free market. You have to bribe someone, which is by definition not free. /s
    replies(1): >>44380870 #
    12. connicpu ◴[25 Jun 25 19:10 UTC] No.44380870{4}[source]
    Free as in freedom ;)
    13. hamburglar ◴[25 Jun 25 19:11 UTC] No.44380875{4}[source]
    The way computer security people and government officials understand keys and key handling practices is vastly different.
    14. timewizard ◴[25 Jun 25 19:37 UTC] No.44381105[source]
    "Many passports also contain your computer password. But those are even harder to access. You need a private key that only governments have."

    Still reasonable?

    replies(1): >>44394763 #
    15. Nextgrid ◴[25 Jun 25 19:58 UTC] No.44381275{5}[source]
    You wouldn't need the key to be copyable though - it can be an online check - ie. passport sends challenge, terminal sends challenge to government-hosted HSM, HSM sends response.
    replies(2): >>44381595 #>>44381859 #
    16. Nextgrid ◴[25 Jun 25 19:58 UTC] No.44381283{3}[source]
    > sensitive data

    "Sensitive" data that you already leave on everything you touch.

    replies(1): >>44381347 #
    17. heavyset_go ◴[25 Jun 25 20:06 UTC] No.44381347{4}[source]
    You leave your DNA everywhere, too, but there are data security and privacy implications of digitizing that data and voluntarily/involuntarily sharing it with others.
    18. lxgr ◴[25 Jun 25 20:37 UTC] No.44381595{6}[source]
    Good point, but that's in the end a typical availability/security tradeoff, and I could imagine that at least some verifying authorities would rather err on the side of the former.
    19. chrisandchris ◴[25 Jun 25 21:09 UTC] No.44381859{6}[source]
    Imagine, there are a lot of borders and pösces where duch control happens where internet is not guaranteed.
    20. aneutron ◴[27 Jun 25 08:02 UTC] No.44394763{3}[source]
    If you think of your fingerprint as a "secret", you're wrong. It's more your name. That would be like saying your face is a secret. It's not.
    replies(1): >>44398864 #
    21. timewizard ◴[27 Jun 25 17:58 UTC] No.44398864{4}[source]
    > If you think of your fingerprint as a "secret",

    I can unlock my laptop with just a fingerprint. Whether or not we believe this the implementation already exists.

    > It's more your name.

    I can change my name. Can I change my fingerprints?

    > That would be like saying your face is a secret.

    I can unlock my phone with my face. Whether or not we believe this the implementation already exists.

    > It's not.

    Let's discuss the real world and not the ideal fantasy.