
I don't get it. Why not publish the method used to crack it without the codes? That's the important research here, and what should be public to further crypto knowledge.

The actual codes are worthless for that.



From the article it does sound like Volkswagen asked them to redact the codes and they said no, whether they asked for further redactions is unclear. If it was a simple case of asking them not to publish the unlock codes and they said no, that sounds a bit odd, you don't need the codes to show there's a flaw in the system.


> If it was a simple case of asking them not to publish the unlock codes and they said no, that sounds a bit odd, you don't need the codes to show there's a flaw in the system.

It's not odd when you consider the need of researchers to allow other researchers to reproduce their results for peer review.


You don't need the codes to replicate the results. The codes just let you bypass spending the $50k to replicate the experiment.


In other words, not providing the codes would increase the cost of replicating the experiment by $50,000 for each team of researchers who chooses to replicate it. Is that really what you want scientists spending their research funding on?


The point is, you're not actually replicating it if you don't follow all the stages of the experiment. You are (probably) just stealing cars.


> The point is, you're not actually replicating it if you don't follow all the stages of the experiment.

Disassembling the chip isn't part of the experiment, it's a precursor. You don't have to build your own particle accelerator just to replicate a subsequent experiment that was originally conceived based on data from the large hadron collider.


I don't understand the part about the info being available on the net for years already. I'm sure the reporters garbled that since they probably have zero domain knowledge, but it sure implied that anyone with criminal intent probably already has what they need to unlock those cars.


I interpreted that statement as meaning the software that the cars run is available online. And that software is what the researchers examined.

Not the results of this research.


Ok, so that stuff about putting the chips under a microscope probably meant they were just extracting the secret keys. Suggesting that there is just a small number of master keys across the entire line of cars instead of a unique set of keys for each car.


Most crypto bugs seem to end up being a case where any useful description of the vulnerability is sufficient for a competent attacker to reproduce the problem. In other words, if it came down to just the "codes" (i.e., secret keys) making the difference of whether or not the system was secure in general, then the crypto would probably be strong.



