2

Background

I read an article about how car keys that remotely open one's car are not secure. This answer also talks about different encryption methods being insecure.

The article mentions that common encryption keys were used across many different vehicles.

Unique end-to-end encryption

Now, I am wondering: why do manufacturers not just assign unique keys for every single car-key combination?

A simple implementation I would imagine is the vehicle and key using a unique mathematic formula to build a code based on time. Now, only keeping the time accurate would need to be assured and I cannot imagine a way of a third party cracking this scheme. See: the code would never be the same for any second in time and with a formula complex enough no correlation visible.

Why are remote keys insecure?

Car keys still being insecure today leads me to the conclusion that there must be some loophole in my idea.

  • 1
    What happens if you lose your car key and need to replace it? – Mike Scott Nov 25 '18 at 11:06
  • 3
    This question has already an answer at [crypto.se]: [Why do key fobs/garage doors openers use rolling codes instead of PGP or SSL encryption?](https://crypto.stackexchange.com/questions/42712/why-do-key-fobs-garage-doors-openers-use-rolling-codes-instead-of-pgp-or-ssl-enc). – Steffen Ullrich Nov 25 '18 at 11:22
  • @MikeScott When you have access to the physical car or key, you can get the encryption "key" / formula. – creativecreatorormaybenot Nov 25 '18 at 11:38
  • 1
    @SteffenUllrich The consent on that answer is that it is too expensive for manufacturers. I think that that is fair. I will still leave this question open because it is more focused about whether e.g. what I proposed would really be secure. – creativecreatorormaybenot Nov 25 '18 at 11:42

0 Answers0