[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: forget photographing license plates!
Another UK vehicle security reply (disclaimer: my dad's company installs
alarms, imobilisers, lojack/skynet, etc.)
The first generation of remote-keyed car-alarms used a static key. It
didn't take long before people had modified scanners to record the key
and play it back as soon as the driver had left.
The current generation uses what is described as "rolling code random
encryption". From what I could work out from talking to people, this
scheme works something like a one time password scheme, but with no
feedback from server (car) to client (keyfob). It seems that the keyfob
has persistent state in the form of a counter, which is incremented
every time the key is pressed. This counter is combined with the
encryption key and the resulting cyphertext is then transmitted.
The car keeps a record of the last successful sequence number, and will
not allow earlier sequences to be replayed. The car will accept sequence
numbers within a certain range of the last successful one, in case a
particular try is not recieved, or the key is jostled in ones pocket.
I don't know how strong the algorithms are, or how long the keys are;
there are supposed to be minimum requirements on key length, but I don't
know if the approval body evaluates the crypto.
Simon
---
Cause maybe (maybe) | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all | Email address remains unchanged
You're my firewall - | ........First in Usenet.........