Weaknesses in the PLAID Protocol
In 2009, the Australian government released the Protocol for Lightweight Authentication of Identity (PLAID). It was recently analyzed (original paper is from 2014, but was just updated), and it’s a security disaster. Matt Green wrote a good blog post back in 2014 that explains the problems.
Clive Robinson • October 30, 2015 8:53 AM
Skim reading the report, sections 5.7 and 5.8 really are unforgivable problems that should have been designed out of PLAID before it even got to day 1 of the project.
The conclusion (6) would be hysterically funny if it were not so serious. The standards editor should seriously consider his position. Likewise the standard should be dropped entirely, because it’s not secure and cannot be made so; in fact it begs the question as to whether incompetence or malicious intent were involved.