[Blabber] Encryption questions
konsgn at hotmail.com
Thu Dec 10 19:50:19 UTC 2015
... by knowing the secret key?...and if necessary, device uuid based on ip addresses or something or other.
From: Blabber <blabber-bounces at list.hackmanhattan.com> on behalf of Benjamin Kreuter <ben.kreuter at gmail.com>
Sent: Thursday, December 10, 2015 12:09 PM
To: Hack Manhattan!
Subject: Re: [Blabber] Encryption questions
On Thu, 2015-12-10 at 16:34 +0000, Konstantin Avdashchenko wrote:
> Say that the server/host/whatever sends out a token that is valid for
> 2 seconds(to reduce the chance of replay attacks), the device/ sensor
> takes that token and does a aes encryption of the sensor data using a
> hash of it's secret key+token. Then the server can see that data and
> there is no chance of an attacker understanding the data sent without
> gaining physical access to the device and it's secret. If you want
> additional security you could hash against the devices unique id so
> that any compromised key only compromises that unique device.
> What is wrong with the above setup? Is there anything wrong with it?
How will the server decrypt the data?
More information about the Blabber