New German Government ID Hacked By CCC

wiedzmin writes "Public broadcaster ARD's show 'Plusminus' teamed up with the known hacker organization 'Chaos Computer Club' (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN meant to be used as a digital signature for official government business and beyond." That was quick. Earlier this year, CCC hackers demonstrated vulnerabilities in German airport IDs, too.

OpenPGP

[axx]

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself. I mean, with that even email can be secure. Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

Re:OpenPGP

[Chris+Mattern]

Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

Keeping a copy of your private key *securely*. Yes, it's been amply demonstrated that nothing left under the control of the average user can be counted on to stay secure. And once someone else gets access to your private key, you're royally screwed.

Re:OpenPGP

[Monkeedude1212]

Yes, it's been amply demonstrated that nothing left under the control of the average user can be counted on to stay secure.

It's because the "average user" has a girlfriend who can't keep a damn secret.

Luckily - we don't have that problem.

Re:OpenPGP

That's not an insurmountable problem, however. Indeed, it's more or less the same problem that any of these sorts of devices/designs (secure IDs) will face. Using asymmetric encryption just provides a better base. Also, the solution is already halfway complete:
http://en.wikipedia.org/wiki/Smart_Card#Cryptographic_smart_cards

Re:OpenPGP

Private keys have passwords which *should* protect the key if someone gets a hold your private key.

Ofc, if you're dumb enough to have no password or something that can easily be bruteforced, then it's your problem.

Re:OpenPGP

My girlfriend would never do that to me! Of course, that's a physical impossibility, because she's imaginary...

Re:OpenPGP

[mea37]

Right, for the government to expect you to keep a number secure, knowing that if that number were exposed then someone could steal your identity, and to then rely on that number to identify and authenticate someone wishing to do business with them; that would be unthinkable.

Re:OpenPGP

[electricprof]

Aren't girlfriends creatures of myth like Santa Claus, the Easter Bunny and Honest Lawyers?

Re:OpenPGP

[LordKronos]

And once someone else gets access to your private key, you're royally screwed.

Royally screwed? I thought that's what key revocation was for. With PGP, you just revoke the old, generate a new key, and you are good to go from there on out. But how exactly do you revoke and reissue fingerprints?

Re:OpenPGP

[fluffy99]

Even smartcards, which never expose the private key are at risk. If you have a compromised computer, someone can remotely use your smartcard whenever its inserted into the machine. Even hardware tokens with changing values are at risk to a keylogger and a script that fires off before the toekn pin changes.

It all boils down to the fact that if the computer isn't trustworthy, then anything you put in the computer is at risk.

Re:OpenPGP

[Dumnezeu]

In support of the parent post: can you even trust your own hardware? I remember a recent story on Slashdot regarding some common computer hardware (a video or a network card) had its firmware infected with a trojan. And even more recently, a company accidentally released a software update that was infected with a virus (the machine they used to compile was infected, so the compiled .exe got infected as well).

Re:OpenPGP

[snspdaarf]

Aren't girlfriends creatures of myth like Santa Claus, the Easter Bunny and Honest Lawyers?

And pumas. Don't forget pumas.

Re:OpenPGP

[Dreadrik]

Especially with your fingertips cut off.

Re:OpenPGP

[men0s]

Oblig RvB:

Sarge: What in Sam Hell is a 'Puma'?
Simmons: Uhh, you mean like the shoe company?
Grif: No. Like a Puma. It's a big cat, it's like a lion.
Sarge: You're making that up.
Grif: I'm telling you, it's a real animal.
Sarge: Simmons, I want you to poison Grif's next meal.
Simmons: Yes sir!
Sarge: Look, see these two tow hooks? They look like tusks, and what kind of animal has tusks?
Grif: A walrus.
Sarge: Didn't I just tell you to stop making up animals?!

Re:OpenPGP

[Yvanhoe]

If the ID gets stolen, then cancel it by proving your identity with a fingerprint/iris scanner at your police station. You'll get another one and the public databases will be refreshed.

The system is not completly trivial, but it is not exactly rocket science either...

Re:OpenPGP

[jjinco33]

Painfully.

Re:OpenPGP

But that would mean there had to be a central database containing the fingerprints and identities of all citizens.
Isn't that exactly what people are trying to avoid?

Re:OpenPGP

[tqk]

Oblig RvB: ...

Sarge: Didn't I just tell you to stop making up animals?!

Would you people please stop making up TLAs!?! WTF is RvB?!? Grumble, mumble, ...

Re:OpenPGP

Oblig RvB: ...

Sarge: Didn't I just tell you to stop making up animals?!

Would you people please stop making up TLAs!?! WTF is RvB?!? Grumble, mumble, ...

IIRC ;-)
Red vs Blue

Re:OpenPGP

And once someone else gets access to your private key, you're royally screwed.

Royally screwed? I thought that's what key revocation was for. With PGP, you just revoke the old, generate a new key, and you are good to go from there on out. But how exactly do you revoke and reissue fingerprints?

In that case you have to burn your finger and get a skin transplant from your rear.
Well, does that technically then still count as fingerprint, or is that a assprint?

Now just imagine you wanna hold a girls hand and she yelling at you:
"HANDS OFF MY ASS"

Re:OpenPGP

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself.
I mean, with that even email can be secure.

Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

You want an easy answer?
Show me a government that would desperately like you to have something they can't hack. And I'm not talking about the front page news about how your government is concerned about your privacy.
Yes they do (probably/hopefully) want you to be safe from fraud, (identity) theft, etc etc etc. But put it to you this way. Does your government like you to have a secure door/windows at home that keeps burglars out? And tries to provide you with information on how to discourage break ins? They probably do.
But would they want door that can't be opened by third-party at all? No. Otherwise they couldn't get in themselves in case you are a bad boy and they want to install some bugs in your house.

OK, bad example, I might have watched too many spy movies. But you get the point.

Re:OpenPGP

[Yvanhoe]

Isn't that, exactly, what biometric passports are ? Anyway I don't understand the fears about that. I would like to be able to prove reliably my identity and citizenship. The ability to do so is not the problem, it is to make identity tests abusively mandatory that is. The problem, however, is already here. We have to prove identity many times and we do that through insecure means. Having a secure way won't change the abuses much and will make identity theft much more difficult.

Re:OpenPGP

[mlts]

Even better, why not go to a true PKI infrastructure?

User gets a smart card, the government certifies the smart card is his/hers, and other authorities sign certificates relating to that person (like the person graduated, is over the age of 21, is able to drive, is not a felon, etc.) For things like criminal record status, those certificates could be SLCs refreshed daily or hourly (which is better than worrying about a CRL mechanism.)

Lost smart card? The user previously saves a revocation certificate which is then pushed out, then the user gets another card and gets it re-signed with certificates.

This would be a privacy boon. A bar can scan the smart card, notice there is a cert saying the guy is over 21, and that is enough information under the law to allow someone to drink. No need to know the person's address, birth date, or other information.

Same with getting a job. There can be certificates saying the person isn't a felon, has graduated from college at a certain time, etc. No other prying info needs to be dug up, because those certs (assuming a solid CA trustworthiness chain) prove the critical bits of info.

Of course, this would kill ID theft. Someone applies for a bank account with someone's name, bank asks that a random nonce be signed with key id 0xdeadbeef with a fingerprint of $WHATEVER and a 8192 bit keylength. It is extremely doubtful the ID thief would be able to be able to sign the nonce. Instead, the thieves would have to attack the endpoints (cards and users), the PKI structure, or the crypto algorithms themselves in order to impersonate someone.

Re:OpenPGP

[Agripa]

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself. I mean, with that even email can be secure. Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

It is not possible because then the government would not be able to forge authentication in your name when needed. It is the same reason security certificates must be centrally managed.

Re:OpenPGP

[mlts]

That is why I use eTokens for my PGP keys. I have mine configured so a few guesses will lock the user password, a few more will lock the admin password and render the data on the token permanently unusable unless someone has a chip fab with uncapping facilities at their disposal.

Trick is to have multiple tokens, and at least two keys. One key is generated on the token, and another key is copied onto all the tokens. This way, one can encrypt data with just the token-generated keys, as well as use the key that was copied onto it as the private key for E-mail. Since all the keys are allowed to revoke each other, if one of the eTokens gets lost or destroyed, that key can be marked as unusable and life go on with the remaining cards.

Reducing the amount of guesses on a passphrase to only a few pretty much gets rid of the brute force issue. Of course, someone can rubber-hose the passphrase, but that is a different issue altogether.

Alle Ihre Passe sind gehoren uns

Alle Ihre Pässe sind gehören uns

Yes, that is what you think it is: A corrupt translation of a corrupt translation.

Re:Alle Ihre Passe sind gehoren uns

[Sique]

I like how your translation preserves the bad grammar of the original.

three courses of action...

[gandhi_2]

1: fix the problems.
2: abandon the plan.
3: arrest the people who embarrassed you, suppress any mention of the incidents.

Hmmm... let's see...

Re:three courses of action...

4. Get it on an episode of Mythbusters...

Re:three courses of action...

4. Get it on an episode of Mythbusters...

That's basically #3, they'd just be censored instead of arrested, like that time with the credit cards.

Re:three courses of action...

[electricprof]

Number 3 is the only feasible choice of course ...

Re:three courses of action...

5: ... 6: Profit

Re:three courses of action...

[interval1066]

You left some crucial steps;

1: fix the problems.
2: abandon the plan.
3: arrest the people who embarrassed you, suppress any mention of the incidents.
4: ???
5: PROFIT!

Re:three courses of action...

[Jesus_666]

I assume they'll go with option 4: Ignore that anything happened. Maybe they'll play it down in the media. Either way they'll all act very surprised when someone manages to break the cards once they're out in the wild.

Re:three courses of action...

And you failed for interpreting a multiple choice question as a series of steps.

A sound har-de-har-har from me.

But please do note that at least the Germans know how to do it thoroughly: They'd give you a home reader with it, so you can actually use that card and incidentally also see what's on it. Oh, and pwn the crap out of it, but that's courtesy the CCC.

6 digit PIN != secure

The agency's personal identification expert Jens Bender said the card was secure[,] and called the combination of an integrated chip with a PIN number a "significant security improvement compared to today's standard process of user name and password."

This is COMPLETELY the wrong way to do it. First, 6 digits is not secure, and can easily be bruteforced. It's much less secure than a long password.

Second, the article says that the 6 digit PIN can be used for digital signatures - how is that possible? If the government gives a citizen a document to digitally sign, and the citizen returns the 6 digit PIN, then the government could say that it sent ANY document to the citizen, and the citizen digitally signed it, because the signature isn't unique to the document. They should be using 4096 bit RSA for digital signatures, where the signature is unique to the document. Then, if the government switches out the document, to try to forge a signature, the signature will be invalid.

Why haven't gubbermints...

[TDyl]

Why haven't gubbermints already gone the whole 666 route and forced us to get barcode tat's at birth? Being British I'm surprised the Blair government didn't suggest this instead of their failed ID card idea.

Re:Why haven't gubbermints...

Why haven't gubbermints already gone the whole 666 route and forced us to get barcode tat's at birth? Being British I'm surprised the Blair government didn't suggest this instead of their failed ID card idea.

Because then they can't lie to us the whole time about their real motives, but of you already knew that and I am just answering a rhetorical question. Do you honestly think that God fearing Christians, like myself, wouldn't grab their guns en masse and hunt down those would dare do such a thing?

Re:Why haven't gubbermints...

They have, they just use special invisible tattooing ink that can be read by satellites.

Re:Why haven't gubbermints...

[electricprof]

This has been considered in the US. We tried bar codes on a baby's backside. Unfortunately, with our average diet, the bar code expands in size exponentially over time requiring unacceptably large readers.

Re:Why haven't gubbermints...

[negRo_slim]

Why on earth would you need a bar code when your very DNA will suffice?

Re:Why haven't gubbermints...

The reason is simple. Barcode is cheap, there would be hardly any money made with this. The main reason why the new ID had to use RFID was because that way the ID costs more. Also it creates a new market for the RFID readers.

I really don't think our government is that malicious. Most malicious actions can be attributed to two things: money and popularity. They just don't care for the side effects, or are too ignorant to see them.

In about 3 years I have to get a new ID. My concerns about it will be relieved by either a microwave or maybe just a layer of tinfoil. Even encrypted data can be used for tracking purposes. That is why RFID is a stupid idea all around and I don't even care what data is stored on it. I would fear for the uninformed masses that don't know of the risk of that. But they use payback cards and Facebook and all hat shit so there isn't much that isn't tracked of them anyway.

Re:Why haven't gubbermints...

[jgtg32a]

DNA scans take a long time

RFID is not secure

Never was, Never will. It is this by design. There are some measures to make things more difficult, but RFID was designed above all else to be a cheap transmitter. Why it was chosen to be a security token is beyond me.

Re:RFID is not secure

This has nothing to do with RFID. It's about typing a PIN or password on a computer with a key logger trojan.

PGP not a panacea

[perpenso]

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself. I mean, with that even email can be secure.

An imperfect systems can still be useful. If card/scanner misuse is on the order of handwritten signature misuse then replacing dead trees with some bits might be a good idea in many situations.

The pgp digital sig proves it was sent by your computer perhaps, but not necessarily sent by you. There is a genuine need for biometrics to be involved. Note that a handwritten signature is a form of biometric ID and like the card/scanner system it can be faked. This is why for more important situations a signature must be witnessed and possible notarized. The card/scanner system can similarly escalate the process for more important situation. For example when someone uses a bank's ATM a swipe and a pin are sufficient. When they walk up to a teller for larger transactions then a swipe and a pin could be augmented with a photo being displayed on the teller's screen. Banks often have such photos for embedding into ATM and credit cards.

Re:PGP not a panacea

[malloc]

The pgp digital sig proves it was sent by your computer, or any other digital device in the universe that has a copy of your key , but not necessarily sent by you.

FTFY.

Well duh.

[Toasterboy]

Whoever designed the system is terrible at computer science.

These are home users, using a government provider scanner, and id card, and a key.

Would be pretty easy to build a rootkit filter driver that steals the data off the card during legitimate transactions, along with a keylogger. At that point, you can pretty much remotely impersonate anyone whom you've rootkitted. Doesn't matter how secure the back end is because you can easily dupe the scanner side.

Terrible, terrible design by idiots....you can't trust home user systems to be clean of rootkits.

Re:Well duh.

[lennier1]

You're talking about the same government whose politicians during the national election thought a mere DNS-based filter could stop the problem of child pornography on the net.

Re:Well duh.

[Rakishi]

Exactly.

The minimum proper security required for home computer use is something like an RSA key. An even more secure method has each action validated by the card (ie: for a bank, enter transaction amount on card's keypad, enter confirmation number in webpage.).

Well, to be fair...

There are several classes of card readers you can use to insert your card at home and identify yourself with a six-digit PIN.

The reader of the lowest security class ('basic') uses the PC keyboard, while readers of higher security classes use their own number keypad.

If I am not mistaken, CCC has shown that using the 'basic' card reader, somebody can get your PIN number - if your PC is infected by a trojan which logs your key strokes. That is more a general problem with trojan infected PCs, not with the new ID card system.

IMHO, if this is the only problem the CCC came up with, that is almost a bit encouraging. The only "scandal" here is that the government wants to distribute a certain number of free starter sets - which of course contain the cheapest, 'basic', insecure reader.

Re:Well, to be fair...

[godel_56]

I've often thought we should establish a standard where the keyboard of a desktop computer can be used as a smart terminal when doing secure transactions.

The keyboard manufacturers such as Logitech and Microsoft would build the basic carcass to match a standard and the regulatory authority would provide a secure plug-in encrypting module. When you flip a switch the the keyboard would turn into a smart terminal with a small LCD screen and the main computer would be relegated to a communications device.

Key loggers would be SOL and if you provide the right transaction information, displayed on the inbuilt LCD screen, you could make it difficult for "Man in the middle" attacks

Ugh: Identification vs authentication

[jwiegley]

When the hell are security "professionals" going to wake up and realize that secure access to something requires three items: identification, authentication and authorization. You CANNOT store the authentication credential with the identification. It is 100% stupid to store the pin on the identification device. Authentication credentials and authorization decisions must be kept by, and made by, the service provider. The only item that should be left with the consumer is an identification badge.

For instance, a national "ID Card" is actually a good thing IF the only thing it has stored on it or about it is the owners identification, i.e. name and unique ID number. The ONLY thing the card should provide is a way to contact a national database/server which requires two things, the unique, public ID number from the card and a fingerprint (which is NOT stored or printed on the card in any way). The ONLY information the server should return is "Yes" or "No". But see... the fingerprint cannot be stored on the card in way for the same reason that the pin in the post should never be stored on the card. If somebody other than the legitimate owner comes into possession of the card then he possesses both the identification AND the authentication pieces of the puzzle and can do whatever the legitimate owner was authorized to do.

Security: it's simple. f*cking learn it.

Re:Ugh: Identification vs authentication

The PIN is not stored on the card. The whole summary is quite misleading.

- This is not about extracting information from the ID card (be it PINs, finger prints or whatever)
- it has nothing to do with the RFID chip

What the CCC demonstrated is that, by typing your PIN on your PC keyboard, it can be logged by a key logger if your PC is infected by such a program.

The main problem is that the government wants to distribute "starter kits" with a simple card reader making use of the PC keyboard to enter the PIN. More secure (and a bit more expensive) card readers with their own keypad eliminate this problem.

Re:Ugh: Identification vs authentication

[wiedzmin]

Now if only security professionals were involved in making top-level (government) decisions, we'd be set. Unfortunately these are made by sales and marketing people - the solution that gets implemented is the one that 'wins the contract', not the one that works the best... unfortunately security professionals and technical people do not make best salesmen. All too often a contract is won because of a good game of golf, or a sexy slide deck.

Re:Ugh: Identification vs authentication

[cdrguru]

Not entirely a bad idea, but the concept behind storing the information on the device itself is so that nobody except the owner has possession of it. And, in theory, every authorized agency has immediate access to the information if they have physical access to the device.

The alternative is a massive database that virtually every government agency needs to access with everyone's information in it. Data mining that carries substantial risks but is an opportunity that just couldn't be denied. Also, because of the widely disparate agencies that need access what you end up with is something that is so open that everyone can get at it.

Think of the DMV data in the US. It is centralized by state but the police and DMV agents have access. As well as a few other agencies. Oh, and by the way, just about every private investigator has access. Now in most states because it was so wide open they got trapped into basically selling access subscriptions. So there are a few hundred organizations that pay for access to every state's records.

This is the scenario they are trying to avoid with having the person possess their own information and not having it in some large virtually uncontrollable database. Too many people need access - probably legitimately - but access for short periods of time for well defined purposes that happen to also include having the person in front of them.

The big national database might be a good idea, but the control and access problems have already been seen in way too many situations.

Re:Ugh: Identification vs authentication

US Transportation Worker Identity Cards (TWIC) carry the PIN and fingerprints on the card. The card readers at transportation terminals do not check any database, you just swipe your card and if you enter a PIN that matches the one on the card you are good to go.

Re:Ugh: Identification vs authentication

[JimBobJoe]

But see... the fingerprint cannot be stored on the card

Which naturally implies that you should do your best not to touch the card with your bare hands.

Re:Sheiser!

I think you have attacked the wrong article, Mr. Coward. And, nobody steals from Microsoft. Why would we want to move backwards, seeing how they are always playing catch-up.

6 digits but what base?

[davidwr]

6 digit base 10 may not be secure.

6 digit base *number of characters in all of the alphabets known to man even after eliminating potential look-alike characters like "l" and "1" and multi-glyph characters like the Spanish "ch"* or some other big number might be.

Re:6 digits but what base?

But my other point still stands. If it's completely unguessable, (e.g. 128 bits of entropy), then it's still vulnerable. What if you accidently give it to a phishing website? What if a malicious government employee gets it? Then, it's public forever. You can't get it back. If they used RSA to digitally sign, then you could broadcast the digital signature publicly over the unencrypted Internet, and nobody would be able to do anything with it, except verify that you truly had signed the document that you intended to sign. The secret key would stay safe with its owner, and nobody would ever see it.

Re:6 digits but what base?

[Urza9814]

They said 'digits', not 'characters', so it's generally safe to assume it's base 10. Either that, or somebody is an idiot. (which isn't that unlikely I suppose...)

lobby+bigmouthed politicians

[Torvac]

security experts have been telling them its shit and unsafe for years, but this is how lobby driven projects get pushed through. really a shame. and of course totally overpriced.

Your papers, please.

[slick7]

I guess that means the chipping of the populace just bit the dust.

Phone/Notebook Fingerprint Scanners?

[Doc+Ruby]

Do the fingerprint scanners embedded into some phones and notebooks actually work well to secure them?

Re:Phone/Notebook Fingerprint Scanners?

[Archangel+Michael]

According to Mythbusters (whatever you think of the show), getting a fingerprint is easy, and the scanners aren't that great at telling fakes from the real. You should watch that episode, it is quite revealing. The expensive scanner was worse than the one build into the laptop.

So, I wouldn't count on that to secure your Laptop/Phone.

Ve are happy to see you, Herr Gates

[WillAffleckUW]

It ist sehr gut to see you Herr Gates - your ID ist in order und your private jet ist fueled und ready now.

Here ist the stack of gold coins you requested prior to takeoff.

Haf a nice trip!

Auf weidersehn ...

Government's reply: Stick Head in Sand

[Posting=!Working]

"Meanwhile on Tuesday the Federal Office for Information Security (BSI) rejected the Plusminus' criticism of the new ID card. The agency's personal identification expert Jens Bender said the card was secure"

It's not secure. They just hacked it without special equipment, they used the scanner that you provide. Saying it's secure in response just means you're

Your ATM card doesn't have your pin on it. Neither does your credit card, or your student ID, employee ID, etc. unless someone really stupid designed the system. How does this get missed? Why are the fingerprint scans on there? Did more than one person look at the plan before they went ahead with it?

This is one of the largest mind-blowingly stupid decisions I've heard lately.

Re:Government's reply: Stick Head in Sand

[Peeteriz]

Your ATM card (any card of the currently used EMV chipcard standard) has knowledge of your pin embedded and can verify/authorize the PIN at an offline POS terminal without contacting the bank.

Re:Government's reply: Stick Head in Sand

[b0bby]

Most American cards are just plain magstripes, EMV chipcards haven't taken off here.

Re:Government's reply: Stick Head in Sand

[Posting=!Working]

This kind of large scale security fuckup has happened twice? Great.

I'm glad we don't have EMV chipcards or offline POS terminals over here. If someone has your card, they have all the information they need to take all the money in your account. Might as well skip the bank & ATMs and just carry all your cash with you.

How does this crap even get to the design stage?

Re:Government's reply: Stick Head in Sand

[Peeteriz]

It's far safer than magnetic cards; I've heard no fraud cases where the PIN has been successfully extracted from the chip or the chip data cloned - reading the chip's contents would generally be far more expensive than the maximum money limits on the card. Mag-stripe cards can be cloned by a cafe waiter or a tiny 10$ device hidden on an ATM and then your money used in any place that "verifies" only signatures.

Also for the ID card - if it has some way to send the fingerprint data or encryption key outwards, then that is a design fuckup; but if it is only able to verify pin and sign message packets with the key if the pin is valid, and permanently erase the key if pin is entered wrongly a few times, then the security is quite adequate.

Hmmm.

[Stupid+McStupidson]

A card that contains a digital copy of large amount of personal and private information? Given to every person? What's the worst that could happen?

Awesome

[DakotaSmith]

Awesome. Truly awesome.

Personally, I can't wait for the US Federal Government to require all individuals to have these types of IDs. They think they're going to exert control over me by always being able to track me.

But I know that hackers will figure these things out, and ultimately no door that needs an ID will be safe from me.

Oh, sure, the non-technical people will suffer. But me? I'm going to do the things none of the other serfs will be able to do. For them, the ID will be a prison. For me, it will be my ticket to go anywhere I feel like.

Bring it. :D

Good Thing Drivers Licenses Have No Hackable Data

Here in the U.S. our driver's license cards are impenetrable. While it's true that some have 2D bar codes on the backs of them, you can bet that that they're heavily encrypted and it's not possible to obtain any social security numbers or anything that could be used to steal someone's identity off them.

Why not base 20

I have 20 digits. Some people have 21 or more.

Fun with the interior minister

No all we need is to start distributing artificial gummy fingers using the fingerprints of Thomas de Maizière worldwide :)

the problem of 'security'

is that u need something heavily centralised.........
that means........super single point of failure........when it occurs.......the world ends.....

Tried and true German ID methods

The Germans should go back to basics.

Actually ...

[garry_g]

... it's not the ID card itself they managed to hack, but a basic reader ...
Germany planed on handing out free readers (something like 1 million of them) for the ID cards, enabling people to sign electronic messages and the likes ... Now, while the idea might sound good, they decided on giving out the cheapest kind of readers, which are basically JUST readers. They rely on the PC to enter the code for the card. This is where the attack was targeted - using some PC software, they managed to record the information sent to and from the reader. Once you have the code, you could then steal the ID and use it to fake your identity. More expensive readers have displays and keypads that keep all unlocking away from the actual PC, so keyloggers or similar won't be able to steal the code ...

they firmly denied

[MrKaos]

the existence of the Crazy Chaos C Compiler