Originally Posted by JaggedMind
The problem I see is that this is going to be seen as such a fun challenge to hackers and crackers that an actual boarding pass generator program will be created and passed around in no time. A small amount of known data being encrypted with constant keys with loads of samples available is a small task to crack in today's world.
To make this pretty much secure you need:
- Passes checked against airlines' systems in real-time.
- Encryption keys updated often (weekly or sooner).
- Use stronger encryption or encrypt lots of extra "junk" data. This is probably not possible while keeping the decryption time low and the barcode within the size requirements.
And there is always the possibility of something like the TSA's copy of all the airline keys getting loose some day.
I was going to suggest that asymmetric key encryption is likely going to be used here (thus obviating the issue of the TSA losing the airline keys), but I then realized that the size of the keys (at least 128 bytes) is not going to lend itself to a BP, as you pointed out. So I agree. This is the Clipper chip fiasco all over again.
Another problem is that the airline changes the key, the pax generates a BP from the new key, and the TSA in Dogpatch Municipal airport didn't get the update. Pax is hauled away as a terrorist. Or the pax generates the BP from the old key, key is updated, and Dogpatch gets the update but does not have the old key. Same result.
At best, when a key update fails, the airport becomes a nightmare as pax go back to the check-in counter to get new BPs. The airlines have long since re-aligned (i.e. reduced) their staffing based on the assumption that most pax get BPs from a kiosk or PC. So the TSA will likely give up on decrypting BPs on days when the key update fails. Obvious avenue for a mischief maker.
Originally Posted by jkhuggins
Because the airline won't sell you one if you're on the no-fly list, and if you're on the selectee list, you'll get the magic SSSS tag on it, which will make it that much harder to get into the secure area with Bad Things(TM).
If you're going to have a no-fly/selectee list, then you have to have boarding passes which (mostly) can't be forged, and a way to verify that the person carrying the boarding pass is, in fact, the person named on the boarding pass. TSA has (essentially) done the latter already by (almost) requiring passengers to present an identity card at the checkpoint.
Again, this assumes that the no-fly/SSSS list makes sense ... which is a topic for another thread ...
A competent terrorist won't be on the no-fly/selectee list because he will be using a false name, and either fake ID, or the Real ID of someone who resembles him (where that someone is in cooperation with the terrorist, or that someone is dead in the trunk of the car the terrorist parked at the airport).
Really disappointing quote:
"Any moron with a printer could do it," security analyst Bruce Schneier said. "Encryption will solve that problem."
I can only hope that Schneier's comment was taken out of context.
This is purely about preserving airline revenue models, nothing else.