"Keith Packard" <[email protected]> writes:

> I think it would be sufficient to just add a 64-bit random nonce to the
> packets and leave the rest of the protocol alone.

Oops. For this to work, the pad boxes would have to remember the nonces
seen before and ignore them.
A longer time stamp in both directions should work though -- the ARM
command requires that the LCO compute the expected receive time of the
packet in terms of the PAD box time base; this two-way communication
avoids replay attacks of the whole protocol

        LCO                             PAD
  t1    QUERY ->
                                        <- REPLY
                                           pad_tick
  t2    ARM ->
        time = pad_tick + (t2-t1)
                                        check time within 1/10 second
                                        of current time

We'll need a source of entropy for both LCO and PAD ends so that their
'clocks' start at a random time rather than zero. Both ends have a radio
chip; I'll see if I can't cook up some way to just get a packet of white
noise at startup time and pull some entropy out of that.
--
-keith
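
A minimal model of the timestamp check sketched in the message above, added here as an illustration; it is not code from the Altus Metrum project or from the message's author. The 100 Hz tick rate, 32-bit counters, struct and function names and seed values are assumptions, and whatever the rest of the protocol does to the packets is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define TICKS_PER_SEC 100u               /* assumed tick rate */
#define ARM_WINDOW (TICKS_PER_SEC / 10)  /* "within 1/10 second" */
struct pad { uint32_t tick; };               /* PAD clock; initial value = boot seed */
struct lco { uint32_t tick, t1, pad_tick; }; /* LCO clock plus data saved from REPLY */

/* PAD: accept ARM only if time is within ARM_WINDOW of now (wrap-safe). */
static int pad_on_arm(const struct pad *p, uint32_t time)
{
    uint32_t ahead = time - p->tick, behind = p->tick - time;
    return ahead <= ARM_WINDOW || behind <= ARM_WINDOW;
}

/* QUERY/REPLY at t1, then `wait` ticks pass on both ends; returns the ARM time. */
static uint32_t exchange(struct pad *p, struct lco *l, uint32_t wait)
{
    l->t1 = l->tick;                         /* LCO notes t1 ... */
    l->pad_tick = p->tick;                   /* ... and the pad_tick from REPLY */
    p->tick += wait; l->tick += wait;        /* both clocks advance to t2 */
    return l->pad_tick + (l->tick - l->t1);  /* time = pad_tick + (t2 - t1) */
}

/* An ARM built 0.3 s after QUERY, delivered `delay` ticks later (0 = fresh). */
int arm_accepted_after(uint32_t seed, uint32_t delay)
{
    struct pad p = { seed };
    struct lco l = { 123456u, 0, 0 };        /* constructed LCO start tick */
    uint32_t arm = exchange(&p, &l, 30);
    p.tick += delay;
    return pad_on_arm(&p, arm);
}

/* The same ARM replayed at the same uptime after the PAD reboots with seed2. */
int replay_after_reboot(uint32_t seed1, uint32_t seed2)
{
    struct pad p = { seed1 };
    struct lco l = { 123456u, 0, 0 };        /* constructed LCO start tick */
    uint32_t arm = exchange(&p, &l, 30);
    p.tick = seed2 + 30;                     /* fresh boot, 0.3 s of uptime */
    return pad_on_arm(&p, arm);
}

int main(void)
{
    printf("fresh=%d late=%d reboot(zero)=%d reboot(random)=%d\n",
           arm_accepted_after(7u, 0), arm_accepted_after(7u, 500),
           replay_after_reboot(0u, 0u), replay_after_reboot(0x9e3779b9u, 0x1badb002u));
    return 0;
}
```

With both boots starting at zero the recorded ARM is accepted again after a reboot, which is the case the random clock start is meant to close.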
