forkidsrest.blogg.se - Wuala storage hack

WUALA STORAGE HACK SERIAL

This could be a final part of the production process, let the device initialize (get the key) and check that it has received a key (without the device letting know that the key is of course). The device should only be able to work if it has received a symmetric key from this server.

Is flagged: The server does not deliver the data to the user.

Is not flagged: The server sends the user its data (symmetric key) and flags this key as handed out in it's DB-system.

The server checks if the data (symmetric key) corresponding to this ID has not been handed out (is not flagged).

The user sends its ID (serial number) to the server.

The user connects to your server using a secure authenticated channel (I would suggest some kind of SSL connection).

What you need is for each user to be able to request its data only ONCE. I will also amuse losing some devices (or having a cost of reprogramming) due to an attack is not a problem.

WUALA STORAGE HACK SERIAL

Thus, in other words, you are asking how can I send some "private data" (= keys) to a group of "users" (= devices) over an "insecure channel" (= the factory and it's employees), with the users having an uniquely identifying feature (= serial number) which is easily known and/or imitated by a malicious user.

And make an assumption that looks like reasonable.įor all intent and purposes the symmetric keys are not keys but just data, since we get them "prefabricated" out of some system.

Since you seem unable (likely understandably so) to give any more information, I am going to rephrase your situation so you can determine if we are on the same level.