RFIDIOts mandating insecure RFID passports
Nice proof of concept code that can read passport data posted to BUGTRAQ. The "key" is comprised of data on the passport itself so you can remotely decrypt someone's data only if you know this information, or can brute-force it since it is a small keyspace:
The Passport number
The Date Of Birth of the holder
The Expiry Date of the Passport
Bruce Schneier advises US passport holders to renew your passport NOW before the RFID requirement goes into effect so you can avoid being tracked or hunted down in our country or a foreign country. Otherwise, how will you still be able to claim you're a Canadian in foreign countries?
The latest version of RFIDIOt, the open-source python library for RFID
exploration/manipulation, contains code that implements the ICAO 9303
standard for Machine Readable Travel Documents in the form of a test
program called 'mrpkey.py'.
This program will exchange crypto keys with the passport and read and
display the contents therein, including the facial image and the
personal data printed in the passport.
Also see this news story.