Talks NemID

Analysis of everything NemID.

  • Why NemID is a bad trusted third party model, leading to the attack discussed in https://www.version2.dk/blog/nemid-er-ikke-kryptologisk-sikker-og-myndighederne-er-ligeglade-513303
  • Is this a "theoretical attack", as Nets and Digitaliseringstyrelsen says? (no)
  • Could Nets sign stuff with my private key, if they wanted to? (yes)
  • NemID and Persondataloven § 41 Stk. 3.
  • Why using a domain from Niue (nemid.nu) is really, really unprofessional
  • Why the banks' usage of NemID is illegal according to Lov om betalinger §128
  • Attacking NemID using sslstrip
  • etc


Instances

  • Friday Aug. 25 11:30 - 12:30

Speakers