[time-nuts] Time security musing - attacking the clock itself

Hal Murray hmurray at megapathdsl.net
Tue Dec 4 02:34:46 UTC 2012

lists at lazygranch.com said:
> I have one of those key fobs. Does the code somehow inform the power the be
> about the drift in the built in clock? Or is the time element of the code so
> sloppy that the drift is acceptable? 

The magic number changes every second or so.  You only have to scan a few 
seconds either side of the correct time to find a valid match.  Every time 
the server gets a match it can update its memory of the fob time to reduce 
its searching in the future.

You could measure/compute the drift too.  I don't know if that's worth the 
effort.  It would probably change with temperature so seasonal or lifestyle 
changes could throw the prediction way off.

[I have no inside knowledge.  I could be totally wrong, but that seems 
reasonable to me.  They may have a better approach.]

These are my opinions.  I hate spam.

More information about the time-nuts mailing list