From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 16 Aug 1996 06:51:42 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <199608151523.KAA03014@xanadu.io.com>
Message-ID: <Pine.SUN.3.91.960815144122.26417A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Another UK vehicle security reply (disclaimer: my dad's company installs 
alarms, imobilisers, lojack/skynet, etc.)

The first generation of remote-keyed car-alarms used a static key. It 
didn't take long before people had modified scanners to record the key 
and play it back as soon as the driver had left. 

The current generation uses what is described as "rolling code random 
encryption". From what I could work out from talking to people, this 
scheme works something like a one time password scheme, but with no 
feedback from server (car) to client (keyfob). It seems that the keyfob 
has persistent state in the form of a  counter, which is incremented 
every time the key is pressed. This counter is combined with the 
encryption key and the resulting cyphertext is then transmitted.

 The car keeps a record of the last successful sequence number, and will 
not allow earlier sequences to be replayed. The car will accept sequence 
numbers within a certain range of the last successful one, in case a 
particular try is not recieved, or the key is jostled in ones pocket.

I don't know how strong the algorithms are, or how long the keys are; 
there are supposed to be minimum requirements on key length, but I don't 
know if the approval body evaluates the crypto.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........