
Logitech keyboards (and probably others as well) let you use a single receiver for all the Logitech wireless devices (http://www.logitech.com/en-us/promotions/6072).

If you have a unique key embedded in each keyboard/dongle pair, you would lose the ability to do this. In addition, if you lost the dongle, you would be SOL.

I think more people will care about the convenience instead of the security.

Ideally, you could have both; what if the keyboard had a USB slot that you plug in a dongle to pair it? You could have it generate a random key whenever a dongle is plugged in, to prevent someone plugging in their dongle to your keyboard (it would only pair with one dongle at a time).




> If you have a unique key embedded in each keyboard/dongle pair, you would lose the ability to do this. In addition, if you lost the dongle, you would be SOL.

I'm not sure I understand why? If public/private key cryptography were used then each dongle & keyboard would contain a private key. The dongle then contains a store for up to X public keys.

The pairing procedure starts due to a physical button press on the two devices; they find each other and exchange public keys. All future communication is then encrypted & signed using the private keys these devices hold. The attack described in venaoy's edit still applies though: an active attacker present during pairing may pretend to be an access point & keyboard, overpowering the original access point and acting as a sort of relay. The link would however break if this relay were to leave the vicinity.


The comment I was replying to stated that each pair would have an AES key generated for them at manufacture, and that is the key they would use to communicate together.

After I posted my reply, the comment was edited to mention this sort of public key exchange you describe happening with a button push. My comment does not apply to this sort of functionality. It would work great, with only the concern you mentioned about a relay attacker. I was only saying having a symmetric key generated at manufacture wouldn't allow for dongle changing and/or dongle consolidation.


Logitech 2.4 GHz keyboards use 128-bit AES symmetric encryption.

As I understand it, the encryption key is generated at the time of pairing in both the keyboard and the receiver independently, and thus never transmitted wirelessly.

This is accomplished by having a secret algorithm that is encoded in both devices and produces the key based on some random input data that is shared between the devices at the time of pairing.

Further information here:

http://www.logitech.com/images/pdf/roem/Logitech_Adv_24_Ghz_...
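A sketch of the pairing scheme described in the comment above, added here as an example and not part of the thread or Logitech's code: both ends derive a 128-bit key locally from random data exchanged at pairing, and one receiver keeps a key per device. The HMAC-SHA256 derivation, the embedded constant and all class and function names are assumptions; the real algorithm is not described on this page.

```python
import hashlib
import hmac
import secrets

# Assumption: stands in for the fixed logic built into every device.
EMBEDDED_CONSTANT = b"constructed-demo-constant"


def derive_link_key(device_random: bytes, receiver_random: bytes) -> bytes:
    """Both ends run this locally; the result is never transmitted."""
    mac = hmac.new(EMBEDDED_CONSTANT, device_random + receiver_random, hashlib.sha256)
    return mac.digest()[:16]  # 128 bits, the AES key size the comment mentions


class Receiver:
    def __init__(self):
        self.link_keys = {}  # device id -> key, so one receiver serves many devices

    def pair(self, device_id: str, device_random: bytes) -> bytes:
        receiver_random = secrets.token_bytes(16)
        self.link_keys[device_id] = derive_link_key(device_random, receiver_random)
        return receiver_random  # sent back over the air


class Device:
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.link_key = None

    def pair_with(self, receiver: Receiver) -> list:
        device_random = secrets.token_bytes(16)
        receiver_random = receiver.pair(self.device_id, device_random)
        self.link_key = derive_link_key(device_random, receiver_random)
        return [device_random, receiver_random]  # everything that crossed the radio


def key_from_recorded_pairing(over_the_air: list) -> bytes:
    """What a holder of the same embedded algorithm computes from a recording."""
    return derive_link_key(*over_the_air)
```

Because the key is a deterministic function of the transmitted random data, its confidentiality rests on the embedded algorithm staying secret. Pairing again with a replacement receiver simply produces a fresh key.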


> If you have a unique key embedded in each keyboard/dongle pair, you would lose the ability to do this. In addition, if you lost the dongle, you would be SOL.

What about initializing the key during pairing? See parent's edit


Yes, initializing the key during pairing would work great.

I posted my reply before the parent's edit. I don't think this is an intractable problem; my suggestion of a physical connection for pairing or even a remote pairing with a button press would work fine. My ONLY point was that hard coding a symmetric key into the keyboard/dongle pair and then using that key for all communication wouldn't be practical.


If you use multiple Logitech keyboards/mice in an office, chances are high someone else is controlling your mouse/keyboard input. This is absurd!



