[stekoz]

Is lock/unlock going to use some kind of OTP, or would the same communication happen over BT everytime? Just thinking about how easily this could be cracked by malicious people near you and your bike.

[fleitz]

If Eve wants to steal Bob's bike Eve is going to buy a pair of bolt cutters before fucking around trying to find Alice and Bob's shared secret.

Even though Bruce Schneier could probably break that lock just by looking at it, he's probably not going to become a bike thief.

http://xkcd.com/538/

[davorb]

If you were the kind of person that would want to steal a bike, would you:

A. Spend $2 on a bolt cutter.

B. Spend hundreds of dollars on technical equipment in order to potentially be able to unlock a very unusual type of lock that you could have gotten to with option A anyway.

[7952]

Or C. Download an app that will unlock high end bikes with no visible breaking in at all.

C would be a popular option if this type of lock was common and had vulnerabilities.

[fleitz]

As always social engineering works far better than tech engineering, watch the guys try and help the girl steal a bike.

http://www.youtube.com/watch?v=ge7i60GuNRg

[mehrdad]

No we are not use a one time password. The key changes every time interact with the lock to stop man-in-the-middle attacks. We use AES-128 encryption that is the access control industry standard (and we think it is enough).

As a side note, I have PhD in embedded system security, although most of these things are crypto 101.