What is Digg?64 Comments
- fyrehart, on 10/10/2007, -1/+44It was only a matter of time, as with all cases of digital security.
- Samsong, on 10/10/2007, -4/+37Now we just need to get that guy working on Bioshock...
- EXreaction, on 10/10/2007, -2/+1809 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
- inactive, on 10/10/2007, -3/+17How long until it's posted on digg with the commentary that all information should be free?
- sumguy231, on 10/10/2007, -0/+14Ah crap, not even our cereal is safe now!
...Oh, wait. Keeloq. Not Kellogg. My bad. - fyrehart, on 10/10/2007, -1/+15You could probably check all the "underground" sites - all the chans, totse, etc. Yes, I know they aren't really the "underground," but that's like asking where you can find the black market - if you don't already know, you're not meant to know.
- Portfolioso, on 10/10/2007, -2/+15Blog Spam: Get straight to the source - wired: http://blog.wired.com/27bstroke6/2007/08/researchers-cra.html
- Falldog, on 10/10/2007, -0/+13I just want to drive around transmitting the signal for "panic."
- socokoolaid, on 10/10/2007, -0/+10A mere hour with a standard computer seems like a blatantly flawed encryption design.
- barroni, on 10/10/2007, -0/+10Its suppose to be gone in 60 seconds not gone in 60 min
- MrZaiko, on 10/10/2007, -0/+7Nah, Kevin Rose got divorced from the hacking world, right after he dated web 2.0
- Bricks, on 10/10/2007, -2/+9Boring. Call me when they haxx0rz teh Knight Rider in 60 seconds, and make a movie with Nicholas Cage
Do you even listen to yourself?
I go in and out. - HappyScrappy, on 10/10/2007, -0/+7If the system were designed correctly, with long keys, it would still be only a matter of time, it's just that the time would be greater than your lifetime.
The fact that this system is breakable is likely because they didn't see value in it being tougher to break. Locksmiths exist for a reason, people do lose their keys at times and don't expect to have to discard their car because of it.
That being said, 1 hour is too short, I don't feel comfortable with this. - inactive, on 10/10/2007, -0/+6well thank god I drive an archaic gas guzzling piece of ***** that still uses keys. All they need with my car is a good old fashion GM Key (Screwdriver)
- chance6, on 10/10/2007, -0/+6"keys for GM, Toyota, VW, Fiat, Chrysler, Daewoo, Honda, Jaguar, and Volvo"
Seriously, with Jaguar on the list, I think your Prius is safe. . . - EXreaction, on 10/10/2007, -0/+5Ever hear of rainbow tables? If it only takes an hour it probably won't take more than a few hundred GB to store all of the codes.
- CraigB12, on 10/10/2007, -3/+8Anybody know the site they were leaked to?
- Shootfast, on 10/10/2007, -1/+6Do I smell a new episode of the broken?
- nebion, on 10/10/2007, -1/+5That's simply not true. Digital security can be done pretty damn well, it just often isn't (DRM can't be done right, but that's because you're trying to enforce something unreasonable - allowing someone to access information for some purposes but not others).
There are some inherent problems with a totally automatic car key - such as the fact that you can use the key via proxy - but none of them have anything to do with the fact that it's "digital".
Computers have the best potential for security compared to any other kind of device; all of the problems are demonstrations of either trying to use it for something it can't be used for (such as DRM), or the designers of the security system being incompetent.. Sadly, both cases are extremely common. - semaphoreblock, on 10/10/2007, -0/+4takes an hour on your laptop maybe. on mine it'd take 3 days...
- seanc6610, on 10/10/2007, -9/+13wtf does microsoft have to do with keeloq being cracked? i understand bashing microsoft when it comes to PC's, but your comment just doesn't make sense.
- AnotherBrian, on 10/10/2007, -2/+5I hate it when companies purpously mangle the spelling of words like that.
- teddyrux, on 10/10/2007, -0/+3Easily the best line:
"It takes an hour, so if you see a college kid with a lap top hanging around your Prius... for a really long time, he might be trying to steal it." - trogdoor, on 10/10/2007, -0/+3But if you talk about it on Digg you will just get more 16 year old Digg users on Usenet.... Now do you see the problem?
- fyrehart, on 10/10/2007, -3/+6STFU. Never talk about such places. They do not exist.
- morcheeba, on 10/10/2007, -0/+3The article is bad -- this one is better: http://blog.wired.com/27bstroke6/2007/08/researchers-cra.html
They need access to your key for about an hour... this is to send it 65,000 probes. No real processing occurs here... that is done afterwards, on a dedicated computer, and it takes about a day. - bjzq8, on 10/10/2007, -0/+3See, P4 cards are the "Smart Cards" that DirectTV receivers use to decrypt the signals that consitute their video service. A few years ago they did a huge upgrade to P4, which overnight made it impossible to watch DirectTV for free. Interestingly, P4 has resisted all attempts to crack it, but that's mostly because the much easier Nagra/Nagra2 encryption of Dish Network has been thoroughly shattered. People take the route of least resistance. So, what LordSamu was saying was that if that guy can crack the sacred, holy, uncrackable iPhone, then he needs to get to work on the seemingly-uncrackable P4, which would certainly make me happy. I'll keep my Viewsat, though.
- HerbSolo, on 10/10/2007, -0/+3Ugh - i don't get it! - Why aren't so called "security" companies able to understand the basics of public-key cryptosystems?!?
The car and the opening-starting-device (formerly known as the car's key) get a keypair, the car sends a random number, signed by the car's secret key to the car-key, car key evaluates, signs with it's private key, sends back. - you won't be able to hack THAT in an hour! - DeathGod321, on 10/10/2007, -2/+4Commence Vista jokes...
- nebion, on 10/10/2007, -0/+2That's also very misleading. If I understood the crack correctly, you need to have access to the key, not the car, for an hour.
- skyshock1, on 10/10/2007, -2/+4Most likely usenet. You'd have to be a retard to post this on a web site.
- pgm_01, on 10/10/2007, -0/+2I think a Daewoo would also be safe, I don't think you could give it away.
- spawnfree, on 10/10/2007, -0/+2So the system wont pause for a few minutes, say every 20 attempts or so?
And they make the blue-tooth bonding password on Mercs 14 characters long; too long for the text-box on most smartphones.
I guess its true what they say about clever people; no common sense. - ThirdPrize, on 10/10/2007, -0/+2I just want to ... um ... "back up" some car keys if thats alright with you?
- LordSamu, on 10/10/2007, -1/+2Na we need him to work on P4 Direct TV cards first, then Bioshock. ;)
- pdbailey, on 10/10/2007, -0/+1That's a huge design flaw because there are only 3600 seconds in an hour and this allows for about 20 challenge/response pairs per second. If it maxed out at 200/hour, but parceled out several in the first minute, few would notice and it would be far more secure. This also isn't a new kind of attack, just application to a new stupidly designed system
- HerbSolo, on 10/10/2007, -0/+1i have to admit, i don't know. - the signing of mail on my laptop doesn't consume that much processing power though, it's the key-generation that seems to be processing-intensive. Also I've read the article on keeloq on wikipedia an that doesn't seem less complicated, problem is: the design is flawed.
- trev0006, on 12/17/2007, -0/+1No matter what kind of security there is it will be cracked, it is just a matter of time. http://www.dpccars.com
- noahhoward, on 10/10/2007, -1/+2I never could understand how someone could be a big enough douche to want to do this... but then again I never understood the thrill of stealing either. Now taking a steel pipe to the back of whoever breaks into your car... that's a feeling I could understand.
- Flanker, on 10/10/2007, -1/+2I think the real source has already been posted: http://www.cosic.esat.kuleuven.be/keeloq/
- HappyScrappy, on 10/10/2007, -0/+1Car key systems are one-way, like an IR remote.
- HerbSolo, on 10/10/2007, -0/+1They need access to ONE remote, then they can unlock any car from the same manufacturer! (from http://blog.wired.com/27bstroke6/2007/08/researchers-cra.html):
"With just an hour of remote access to the digital key of one car made by a manufacturer, the researchers say they are able not only to crack the unique code for that specific key but can also determine the key initialization process used to code the digital keys for all of the cars made by that manufacturer. - bromac, on 10/10/2007, -0/+1Exactly.
Security is all cost/benefit. Which is why I laugh whenever someone hits the car alarm on their 86 Ford Tempo. - valkyries, on 10/10/2007, -0/+1or my two year old iBook
- HerbSolo, on 10/10/2007, -0/+1Also the newest invention of the "on/off switch" would help - yeah - you'd have to press a button to open your car, but i could live with that!
Problem is - they don't need your key, they just need any key to a car from the same manufacturer. - trogdoor, on 10/10/2007, -0/+1That would require more processing by the key, and that adds a lot of cost and power consumption ( Though admittedly the power is probably minuscule next to the power needed for transmission ).
- StiGUP, on 10/10/2007, -5/+6an hour? geez it takes like a few minutes for armed robbery...:)
- HerbSolo, on 10/10/2007, -0/+1yes - in the article (the original, not the blogspam this digg article links to) it says 32 bits (of 64 bits total) of the key are identical for every car from one manufacturer. - So there's some kind of master key. This kinda makes sense - if you lose your key (or it's broke) you want this to be fixed as soon as possible. Anyhow, for security's sakes i could live with the fact that my car has to spend a night in the garage, if i need a new key.
- gravyboy, on 10/10/2007, -3/+4Also needs access to the remote for an hour...
http://www.cosic.esat.kuleuven.be/keeloq/ - NicksVideo, on 10/10/2007, -3/+3I don't think I'll ever understand why everyone on Digg hates people talking about Usenet. It's really not a secret at all.
I guess if you're 16 and all of a sudden discover Usenet, you might think it's some huge secret private place for pirating, but really, it isn't. -
Show 51 - 61 of 61 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is