Originally Posted by
baliktad
Don't confuse a short signature with insecure cryptography or weak keys. SHA-1 is still considered an effective hashing algorithm and produces a 160-bit output. For message authentication purposes, even half that would be more than sufficient for this lifetime. I'm not saying the TSA/airlines are secure against hacking, just that a short signature is not an indicator of a security weakness.
[A cryptographically secure algorithm and key yielding an 80-bit signature could be brute-forced... if you had a million computers that tried a million combinations a second, you could find the correct signature for a single boarding pass in just shy of 40,000 years. Good luck with that.]
The take-home point should be that one can decode the barcode very easily, but re-coding it to give onself PreCheck isn't as simple as it looks; to the contrary, it is quite difficult if it is even possible.