Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Still, the comment above still stands. Not sure about the key bruteforcing estimates, surely a couple of days of readings would be enough.

Are the keys stored on the devices? Is it a shared key?



Every device has it's own unique keys - one for transmitting data and another for receiving commands. They are burned with firmware in production. If you are interested in bruteforcing - I can send you two weeks worth of my home water meters' data packets to play with :) See, the CRC is calculated for encrypted data, so there is no way to know if the guessed key is correct.


No MACs?


There are unique device Ids, they kinda like MACs.


Old thread, but GP probably talked about a different thing. Not MAC as in Ethernet..

https://en.m.wikipedia.org/wiki/Message_authentication_code


Oh, those MACs) No, we've spend that bandwidth for iterators to mitigate replay attack. But the idea of one-time MAC is interesting, thank you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: