[bradleyland]

Do you think this is an honest assessment?

"That security feature only adds 101 minutes (and about 400 button presses) to the cracking process."

Only adds 101 minutes? I'm incredulous.

The claimed attack time is 20 minutes. By your assertion, this security feature increases the required attack time by a factor of 5. Were this a virtual system, that is trivial, but this attack requires physical presence, or at least the presence of a device.

I think you're cynicism is unjustified, as the extra time makes this an undesirable attack vector in light of the alternatives. Anyone willing to spend 100+ minutes at a car door is just going to use a slim jim or move on to an easier target instead.

[logfromblammo]

In contrast, requiring that each unlock attempt be a separate sequence of five button presses with a ten-second timeout between attempts would make the brute force attack take 15625 button presses with 520 minutes of waiting for timeouts.

The security feature is a useless patch on a fundamentally flawed foundation. It is less effective than fixing the underlying problem, which is that a well crafted attack can rule out one code per additional button press.

Making odd and even numbers discrete buttons increases the attack difficulty by a factor of 32. These things are not difficult or unpredictable. Literally anyone with a calculator and 15 minutes to think about security could come up with ways to improve the system superior to the BS band-aid they came up with.

If someone is attempting this, they will have barely-detectable near-instant access to your vehicle's interior from that moment forward. This isn't just about using a slim jim to grab your valuables. That someone could also smash your window with a rock. What happens when someone wants to photograph your auto registration while you are in your office, and visit your home address at a later time? Perhaps you use the same 5-digit code for something else? The attack space for that something else is now just 32 attempts.

Thinking about security threats requires predicting criminal motives. Cracking the keyless entry system is not a simple robbery tactic. The person doing it is after more than the contents of your vehicle at that instant.

[bradleyland]

I initially posted to refute this claim:

> Given the huge security holes already known to be present in the median auto electronics system, my guess is "absolutely not".

Which is provably false. There is a system to slow down attackers, and it results in a 5x increase in attack time. The rest is tangential to the point.

Yes, it could be better, but you're trivializing what isn't trivial. A 100 minute increase is not trivial. Yes, it'd be even better if it took hours. It'd be even better if it took years. If you're concerned about the security of your vehicle, why have this system at all? It's a trade-off in convenience for security, which many people can afford. All of these are tangents, but they do not qualify a response of "absolutely not" in response to the original inquiry.

Nothing else you've said is wrong, but it seem like you're grasping at other points in order to justify your cynicism, which was proven unfounded. I won't be baited in to an argument that the safeguards could be improved.