Nope because the pseudo random number generators are seeded with different codes in each car so you have no idea what the next “random” number is going to be. If you could guess one number from the previous one it would not be random at all.
That has been explained. The receiver accepts a number N of subsequent codes so you are safe as long as you do not “lose” more than N-1 codes. If you press the button more than N times then it probably means a trip to the dealer, who has a master code… which can be leaked and this is probably the weakness in the system. That is the whole point, You can make the system as secure as you want but people demand an easy way of getting in if they mess up. You can’t have it both ways. You can easily make a system which is unbreakable but then it is unbreakable if you mess up and people don’t want that.
One doesn’t have to “guess” what the next number is, if the algorithm and the seed are known. If you read my link above, this sort of remote control system has already been cracked.
Chrysler uses 8 pin locks and in addition, since some are computer encrypted ,must also be programmed to the vehicles computer. Although a key may fit the cylinder (lock) a skim code or pin number must be used to allow access to the vehicles computer. All keys for the vehicle must be programed at the same time, any key that still fits the lock will not start the vehicle unless programmed to the vehicles computer.
I am afraid you are totally misunderstanding how the system works. The seed is not known. The fact that it has been cracked does not mean the system itself was cracked but more likely that a back door (which was implemented so dealers could open cars) has been leaked. With today’s technology it is trivially easy to design a system which is unbreakable and I would be quite sure the systems in use are unbreakable by direct brute force if they are well designed. Now, back dorrs are another thing but a manufacturer who did not offer a back door would have to face irate customers who had messed up. It is a compromise.
As I say, devising a secure system is trivially easy.
A system using an asymmetric key system (like the public key encryption system used in the RSA SecurID) would provide a computationally secure means of key verification; that is to say, while the algorithm can technically be broken, it is computationally prohibitive to do so for any reasonable purpose as it would take thousands of years of calculations to crack the seed pseudoprime. Such a system is still technically vulnerable to “cellar door” and “man in the middle” type attacks, but these can be managed. You can make the system more secure by limiting access (i.e. physical access rather than radio signal) and not providing any kind of back door access, but then you run into Lao-Tze’s modification of Clarke’s Third Law:
Any sufficiently secure system will be indistinguishable from a large, featureless block of granite.
Well, maybe Lao-Tze didn’t actually say that, but he would of if he had to deal with modern security systems.
The car must then store the information for every key that is used with it since I use one of my car keys all the time and leave the other hung on a pin in a closet at home. Nevertheless when i take it out maybe twice a year, it works fine though it can’t possibly be synchronized with the other key any more.
And one other question. If I idly sit here pressing my remote when the car is too far away can I de-synch them? There must be some slack in the system whereby any of the next 100? (certainly more than 10) numbers in sequence will work.
I suppose if you could de-sync it, that it would be possible to make the lock so it could be re-synced, too. Say if you pressed the button five-ten times in a row, and your car discovered that the sequence was contained somewhere in it’s algorithm, only a bit off from the where it last synced. (billions of numbers still shouldn’t take more than a few seconds to cycle through)
That can easily be resolved by having the receiver acceptr two or more different senders.
Yes, you can de-synch them by pressing the button repeatedly while out of range but it would have to be a huge number. (I still think it would be a neat thing to do to a hated coworker.) And probably that is one reason dealers need to have a back door. Which creates a vulnerability.
You do not even need that. Think about it. All you need is a key or password which is different every time. That’s all. And rather than carry on sender and receiver all the millions of codes, all you need is a pseudorandom number generator which is seeded in both with the same code. After that the sequence is the same in both.
The way I would do it would be a two-way communication: The key has a private crypto key, and the lock has a random number generator (possibly not even pseudo- : It woudn’t use up entropy very fast, so it could use some sort of environmental sampling) and the public key. When you press the button on the key, it sends a signal to the lock. On receiving this signal, the lock produces a random number, encrypts it using the public key, and transmits the encrypted number to the remote. The remote then decrypts it using its private key, and transmits the decrypted number back to the lock. If it matches the original random number, the lock opens, otherwise it doesn’t. Fully secure, intercepted signals are useless, and it can use any number of remotes without any of them ever getting out of synch.
Just anecdotally, I chose my best friends based on their front door keys. Okay, not really, but purely coincidentally, my own housekey has opened my best friend’s door, through 4 best friends and four pairs of locks now. It’s a little eerie, actually. First one was in high school, when we found out due to desperation when she locked herself out in the middle of a snowstorm and we tried my key, “just for the hell of it.” It worked.
Next in college, a friend and I had been out drinking and she handed me her keys to unlock her front door, only they were actually my keys, but they worked anyhow.
Third I was joking around, telling the story of the first two times and laughing about, “wouldn’t it be funny if…” and, well, I got dared to try it on her door, and it worked.
The fourth time I just got all Jedi certain that my key juju was going to work, and indeed it does.
One house and three apartments for me and each of those keys worked in the lock of a friend. I’m pretty convinced locks are nearly 100% psychological, and if you tried yours in your friends’ homes, a startling number of them would work.
This is unnecessaryly complicated. You (and others in this thread) are overthinking this problem. There is no need for two way communication or for encryption. It solves nothing and just complicated the mechanics of implementing it. Encryption is needed when you want to communicate information but keep it secret from listeners. Here there is no need to keep it secret because the code changes once it has been used. There is no point in keeping it secret.
All you need is that transmitter and receiver agree on a long list of keys beforehand. This could be done simply with the keys being kept by both in memory but it is more practical to use a pseudorandom number generator. Keys are then used and discarded. Encryption and two way adds nothing but complexity. If you want to add security you make the key longer.
Oh, I thought you were devising your own new system, since one major version of the system you’re describing has been cracked, as previously noted; something you’ve failed twice now to address.
Wouldn’t that be awesome? But no, it’s been four different keys of mine that open four different friends different abodes. That’s the really weird part. It’s not one uber skeleton key, it’s just coincidence after coincidence.
Again, and I repeat myself, it seems most probable that the sistem has not been cracked but that what has been cracked is a back door implemented. Which I have already posted. Please try to keep up. Or show that the system has indeed been cracked rather than the back door. Because closing the back door is extremely easy but customers would not want that. If you had read the thread I would not need to repeat this and you could be addressing those points directly.
You would also need to prove that the two way system is more robust in every way. Which I think is not the case. I think it has greater vulnerability.