this post was submitted on 03 Jan 2025
1190 points (99.3% liked)
Full disclosure, I'm not at work for a few months so I am far off my crypto system design game. I'm usually pretty good though. :)
Rather than full SSL I was thinking something along the lines of an HMAC. Because we can introduce the two devices to each other physically we don't need to worry too much about a full challenge-response. It should be sufficient to send an HMAC-signed message with an always increasing counter to prevent replays.
Even if we went with challenge-response, I think you could get acceptable battery life using symmetric algorithms instead of public key.
https://shop.ftsafe.us/collections/security-keys-ble/products/feitian-multipass-fido2-fido-u2f-usb-c-nfc-ble-security-key-k32
Bluetooth security fobs already exist that do far more than would be required for a car key, and they get a few months of battery life with typical daily usage.
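The HMAC-plus-counter scheme described in the comment above, as an added sketch that is not part of the original thread: the `Fob` and `Car` classes, the frame layout (8-byte counter, command, 32-byte tag) and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output size (assumed algorithm)
CTR_LEN = 8   # big-endian 64-bit counter (assumed frame layout)

class Fob:
    """Sender: holds the key shared during physical pairing."""
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0  # real hardware must keep this in non-volatile storage

    def message(self, command: bytes) -> bytes:
        self.counter += 1
        body = struct.pack(">Q", self.counter) + command
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

class Car:
    """Receiver: authenticates first, then enforces a strictly increasing counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None
        (counter,) = struct.unpack(">Q", body[:CTR_LEN])
        if counter <= self.last_counter:
            return None  # replayed or stale frame
        self.last_counter = counter  # only advanced by authenticated frames
        return body[CTR_LEN:]

def demo() -> list:
    key = os.urandom(32)  # constructed key standing in for the pairing step
    fob, car = Fob(key), Car(key)
    f1 = fob.message(b"UNLOCK")
    f2 = fob.message(b"LOCK")    # pressed out of range, never received
    f3 = fob.message(b"UNLOCK")
    forged = f3[:CTR_LEN] + b"TRUNK!" + f3[-TAG_LEN:]  # command swapped, old tag
    return [car.accept(f1), car.accept(f1), car.accept(forged),
            car.accept(f3), car.accept(f2)]
```

The counter blocks reuse of a captured frame, but it does nothing against a live relay of a fresh frame, and a forged frame must never advance `last_counter`, which is why the tag is checked before the counter is read.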