> * Is there any standard cryptographic hash function with an output > of about 64 bits? It's OK for our scenario if finding a preimage for > a particular signature takes 5 days. Not if it takes 5 minutes.
This is a protocol designed for nasty guys who want to steal your car, which would forcibly stop the car regardless of the wishes of the driver, remotely from anywhere on the Internet? And it's mandated by the government? These are not "tracking devices", as your subject line said; they actively intervene in driving -- much more dangerous. As usual, it sounds like a great tool when used responsibly -- against stolen cars, though it will probably cause collisions, which could hardly be called "accidents" since they are easily foreseeable. And it's a terrible tool when used any other way (by criminals against cop cars, for example; or by Bulgarian virus authors against random cars; or by breaking into the DENATRAN and stealing and posting all the secrets; or by an invading army). It reminds me of the RFID passport design process: One entity figures out what would make ITS life easier (reading your passport while you're in line at the border), mandates a change, and ignores the entire effects on the rest of society that result. Why would you limit anything to 64 bits, or think it's OK that with 5 days of calculation *anyone* could do this to your mother's or daughter's car? Shouldn't tracking or disabling the car require the active cooperation of the car's owner, e.g. by the owner supplying a secret known only to them, and not recorded in a database anywhere (in the government, at the dealer, etc)? That way, if the protocol is actually secure, most of the evil ways to use it AGAINST the owner would be eliminated. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com