> On Tue, 7 Jan 1997, Dave Mullenix wrote:
>
> > Such devices already exist and alarm manufacturers have been taking
> > countermeasures for at least three years.  One technique is to have the
> > remote send a different code every time the button is pressed.  The auto
> > alarm has a list a list of codes and makes sure the code received is within
> > ten positions or so of its correct spot on the list.  If not, the alarm
> > becomes inert for a half hour or so.
>
>   So instead of unlocking cars, I make it so that everyone on my street
>   is trapped there for half an hour?   Even better.

Mumble mumble... there are always problems when trying to balance the risks
of infiltration versus the ease of denial-of-service attacks.  Producing a
system which is immune to both can often be difficult, though in the case
of an automotive lock control system, I think it should be possible to make
a system immune to both.  The one difficulty is that federal government reg-
ulations make it hard to use any secure code over 40 bits long, and codes
of that length may be subject to "birthday" attacks.  I could nonetheless
tell anyone interested how to make a system that was secure, though such
advice could well steer someone into a patent violation since many such sys-
tems are already patented.