In the old days, most or all car companies had the ability to look up the bitting code to cut a replacement key (the mechanical kind) from the car's VIN. There's no reason they can't do the same with an encryption key.
Of course they'd need to do a good job securing that database since inappropriate access to it would make stealing cars very easy.
There is a very good reason that isn't possible/analogous to traditional rekeying.
Mechanical keys are not secure. They can be reproduced with basic skills. That's why there used to be a giant key cutting industry where much of the business was car keys (Thanks, GM.)
The whole idea of CA PKI and all modern TPM architecture on devices is that they CAN'T be reproduced or replaced in context without massive effort that would make the intended use moot; i.e., replacing the TPM and associated on both the key and car. This would require some bureaucratic pointless process to prove your identity, and it would be very expensive and frustrating, and completely at the manufacturer's will.
Further, if the car CPU could allow this, it would be >.0001 second before thieves use the same exact tools that the manufacturers use. This is basically what's happening now with current NFC/Radio Keyfobs. Basic access to existing CPU through CAN bus makes NFC/Radio moot.