From: Simon Spero <ses@tipper.oit.unc.edu>
To: “Douglas R. Floyd” <dfloyd@io.com>
Message Hash: 67de3ddab0d14b66bfe8b776b6e048954a556a4bd6299e2b451c915a6d76d41f
Message ID: <Pine.SUN.3.91.960815144122.26417A-100000@tipper.oit.unc.edu>
Reply To: <199608151523.KAA03014@xanadu.io.com>
UTC Datetime: 1996-08-15 22:51:42 UTC
Raw Date: Fri, 16 Aug 1996 06:51:42 +0800
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 16 Aug 1996 06:51:42 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <199608151523.KAA03014@xanadu.io.com>
Message-ID: <Pine.SUN.3.91.960815144122.26417A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain
Another UK vehicle security reply (disclaimer: my dad's company installs
alarms, imobilisers, lojack/skynet, etc.)
The first generation of remote-keyed car-alarms used a static key. It
didn't take long before people had modified scanners to record the key
and play it back as soon as the driver had left.
The current generation uses what is described as "rolling code random
encryption". From what I could work out from talking to people, this
scheme works something like a one time password scheme, but with no
feedback from server (car) to client (keyfob). It seems that the keyfob
has persistent state in the form of a counter, which is incremented
every time the key is pressed. This counter is combined with the
encryption key and the resulting cyphertext is then transmitted.
The car keeps a record of the last successful sequence number, and will
not allow earlier sequences to be replayed. The car will accept sequence
numbers within a certain range of the last successful one, in case a
particular try is not recieved, or the key is jostled in ones pocket.
I don't know how strong the algorithms are, or how long the keys are;
there are supposed to be minimum requirements on key length, but I don't
know if the approval body evaluates the crypto.
Simon
---
Cause maybe (maybe) | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all | Email address remains unchanged
You're my firewall - | ........First in Usenet.........
Return to August 1996
Return to “Soldier <soldier@phunc.com>”