[time-nuts] Time security musing - attacking the clock itself
hmurray at megapathdsl.net
Tue Dec 4 02:34:46 UTC 2012
lists at lazygranch.com said:
> I have one of those key fobs. Does the code somehow inform the power the be
> about the drift in the built in clock? Or is the time element of the code so
> sloppy that the drift is acceptable?
The magic number changes every second or so. You only have to scan a few
seconds either side of the correct time to find a valid match. Every time
the server gets a match it can update its memory of the fob time to reduce
its searching in the future.
You could measure/compute the drift too. I don't know if that's worth the
effort. It would probably change with temperature so seasonal or lifestyle
changes could throw the prediction way off.
[I have no inside knowledge. I could be totally wrong, but that seems
reasonable to me. They may have a better approach.]
These are my opinions. I hate spam.
More information about the time-nuts