In which we see the difference between guarding against hostility vs. guarding against accidents.
On Sun, Mar 17, 2019, 10:03 AM David W. Schultz <[email protected]> wrote:

> On 3/16/19 8:14 PM, Keith Packard wrote:
> > "David W. Schultz" <[email protected]> writes:
> >> How do you prevent someone from recording a valid data packet and
> >> resending it? The answers are probably in the code but I see multiple
> >> versions of telelco with no idea which to look at.
> >
> > There's a timestamp in each packet to avoid repeated data, plus the two ends
> > have synchronized clocks -- packets are only valid for a short time so a
> > simple repeat of an existing packet will not be valid.
> >
>
> Good idea, bad implementation.
>
> It took some searching but I found where ao_pad.c checked the time
> stamp. Not for all packets though it does do the important ones.
>
>     time_difference = command.tick - ao_time();
>
> Digging through the sources I see that command.tick and ao_time() have
> type uint16_t. Not big enough.
>
> The tick rate appears to be 100Hz so the counter repeats every 655 seconds.
>
> Because of the short length of this time stamp, after recording a valid
> packet I can wait until it will be valid again before sending it. About
> 11 minutes. By recording data I can build a library of valid packets and
> the times they will be good. I can also sync a local copy of the system
> tick counter so I know when they will be good.
>
> Eventually I can do whatever I want almost whenever I want.
>
> Now if the time were kept to 32 bits I would have to wait a lot longer.
>
> But even with a 32 bit counter attacks are still possible, it just takes
> more time. If the count always starts at zero, then I can still build a
> library of packets and when they will be good. Usable the next time the
> system restarts. Starting with a random count would help with that.
>
>
> --
> http://home.earthlink.net/~david.schultz
> The cheaper the crook, the gaudier the patter.
> - Sam Spade
> _______________________________________________
> altusmetrum mailing list
> [email protected]
> http://lists.gag.com/mailman/listinfo/altusmetrum
>
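The wraparound discussed in the quoted message, worked through as an added example that is not part of the original thread and is not the project's code: it compares a freshness check on a 16-bit tick with the same check on a 32-bit tick, to show when an expired timestamp passes again. Only the 16-bit width and the 100 Hz rate come from the thread; the 10-tick symmetric window, the sample tick value and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define TICK_HZ      100u   /* tick rate stated in the thread */
#define WINDOW_TICKS 10u    /* assumed acceptance window (hypothetical value) */

/* Freshness test on a 16-bit tick field; the difference wraps modulo 2^16. */
static int fresh16(uint16_t packet_tick, uint16_t now)
{
    uint16_t d = (uint16_t)(packet_tick - now);
    return d <= WINDOW_TICKS || d >= (uint16_t)(0u - WINDOW_TICKS);
}

/* Same test on a 32-bit tick field; the difference wraps modulo 2^32. */
static int fresh32(uint32_t packet_tick, uint32_t now)
{
    uint32_t d = packet_tick - now;
    return d <= WINDOW_TICKS || d >= (uint32_t)(0u - WINDOW_TICKS);
}

/* Ticks after sending at which an expired 16-bit stamp first passes again
 * (0 if it never does within `limit` ticks). `sent` is a full-width clock. */
static uint64_t reaccept_after16(uint64_t sent, uint64_t limit)
{
    for (uint64_t k = WINDOW_TICKS + 1; k <= limit; k++)
        if (fresh16((uint16_t)sent, (uint16_t)(sent + k)))
            return k;
    return 0;
}

/* Same search for the 32-bit stamp. */
static uint64_t reaccept_after32(uint64_t sent, uint64_t limit)
{
    for (uint64_t k = WINDOW_TICKS + 1; k <= limit; k++)
        if (fresh32((uint32_t)sent, (uint32_t)(sent + k)))
            return k;
    return 0;
}

int main(void)
{
    uint64_t sent = 123456;    /* constructed sample tick value */
    uint64_t limit = 200000;   /* search 2000 s of wall time */
    uint64_t k16 = reaccept_after16(sent, limit);
    printf("16-bit stamp accepted again after %.2f s\n", (double)k16 / TICK_HZ);
    printf("32-bit stamp accepted again within %.0f s: %s\n",
           (double)limit / TICK_HZ, reaccept_after32(sent, limit) ? "yes" : "no");
    return 0;
}
```

With these assumptions the 16-bit stamp passes again 655.26 s after it was sent, while the 32-bit stamp does not pass again anywhere in the 2000 s searched.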
