Re: Activation protocol for tracking devices

2009-03-04 Thread David Wagner
Santiago Aguiar wrote: As I wrote in my last email, in Brazil they are devising a protocol to activate tracking/blocking devices to be installed from factory in *every* vehicle, starting progressively from august 2009. The idea is that a service operator (SO) can activate a device to work

Re: Activation protocol for tracking devices

2009-03-04 Thread Santiago Aguiar
David Wagner wrote: This does sound like it introduces novel risks. I would suggest that rather than spending too much energy on the cryptomath, it would make sense to focus energy on the systems issues and the security requirements. Very interesting read. These topics are being discussed,

Re: Activation protocol for tracking devices

2009-03-02 Thread Jerry Leichter
On Feb 27, 2009, at 2:13 PM, Santiago Aguiar wrote: * Is there any standard cryptographic hash function with an output of about 64 bits? It's OK for our scenario if finding a preimage for a particular signature takes 5 days. Not if it takes 5 minutes. Not specifically, but you can simply take

Re: Activation protocol for tracking devices

2009-03-02 Thread Santiago Aguiar
Hi, Jerry Leichter wrote: Not specifically, but you can simply take the first 64 bits from a larger cryptographically secure hash function. OK, I didn't know if it was right to do just that. We were thinking to use that hash in an HMAC so the TCU and SO can know that they were originated from

Re: Activation protocol for tracking devices

2009-03-02 Thread John Ioannidis
As it has been pointed out numerous times on this and other places, this is a singularly bad idea. The crypto isn't even the hardest part (and it's hard enough). Just don't do it. If you are going to spend your energy on anything, it should be to work against such a plan. /ji

Re: Activation protocol for tracking devices

2009-03-02 Thread Santiago Aguiar
John Ioannidis wrote: Just don't do it. If you are going to spend your energy on anything, it should be to work against such a plan. I would agree, but I fear that a this is never going to work, drop it will be less heard than any effort in at least trying to raise the bar for an attack.

Re: Activation protocol for tracking devices

2009-03-02 Thread Jerry Leichter
On Mar 2, 2009, at 12:56 PM, Santiago Aguiar wrote: Hi, Jerry Leichter wrote: Not specifically, but you can simply take the first 64 bits from a larger cryptographically secure hash function. OK, I didn't know if it was right to do just that. We were thinking to use that hash in an HMAC so