Comment by bufferoverflow

Comment by bufferoverflow 3 months ago

2 replies

View on Hacker News

Why can't it be very simple and secure. Car and fob share a secret key.

When you click on the open button on the fob, you send

SHA256(key)

Car responds with a random challenge

RND

Fob sends

SHA256(key XOR RND)

Car does the same calculation and compares.

kilburn 3 months ago

There's no car identification in this protocol, meaning that impersonation/mitm attacks are trivial. Try again :)

Reply View 1 reply
  • bufferoverflow 3 months ago

    I don't see it. Give an example of how this attack can be executed, a practical application.

    I approach my car, I press the button on the fob to open it, and your attack does what exactly?

    Reply View 0 replies