Skip to main content

Posts

Showing posts with the label smart card

Australian Department of Human Services Releases an Auth Mechanism Called PLAID and it Stinks

Recently a division of the Australian Department of Human Services released an authentication mechanism to secure smart card transactions. They named their creation Protocol for Lightweight Authentication of Identity, or PLAID. The plan was to allow other Australian government agencies to use the auth protocol for free. Feeling very sure of themselves, Ozzy's DHS released the protocol for inspection. A group of cryptographers from two universities stepped up to do the deed. The Information Security Group of Royal Holloway, University of London was one such school. Representing the Continent was Cryptoplexity of Technische Universität Darmstadt, Germany. And do the deed they did. As it turns out, PLAID is a lemon. It does just about everything wrong. It implements an RSA encryption function poorly, which is a bit suspicious given RSA's recent history with that Five Eyes Intelligence service from the Western hemisphere we all love to hate, the NSA. Beyond that, the function i