timstephens/Dorbot

Verification of the returned data from the RPi Server

Opened this issue · 0 comments

The Arduino sends a value derived from its clock with the RFID key data. It would be nice if the RPi could respond with this data in its response so that the Arduino can confirm that the response came from the server that it sent the data to. Without some sort of check like this, it's easier for a man-in-the-middle attack to happen.

We might actually be over-engineering this at the moment, but if this system becomes complicated enough to be used as an access method to (e.g.) machine tools or the building itself, then there is incentive for someone to try and beat it.
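The check described in this issue, sketched as an added example (not code from the Dorbot repository): the server echoes the Arduino's clock-derived value, and the example goes one step further by covering the echo, the RFID data and the decision with an HMAC, because a bare echo can be copied by anyone who sees the request. The shared key, field names, function names and sample values are assumptions, and the Arduino side is modelled in Python.

```python
import hashlib
import hmac

# Assumption: a secret provisioned on both the Arduino and the RPi (constructed value).
SHARED_KEY = b"constructed-demo-key"
ALLOWED_TAGS = {b"04A1B2C3"}  # constructed RFID key data


def _mac(key, challenge, rfid, decision):
    # Length-prefix every field so bytes cannot slide between fields.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (challenge, rfid, decision))
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_respond(key, challenge, rfid):
    """RPi side: echo the clock-derived value and bind it to the decision."""
    decision = b"ALLOW" if rfid in ALLOWED_TAGS else b"DENY"
    return {"challenge": challenge, "decision": decision,
            "mac": _mac(key, challenge, rfid, decision)}


def device_accepts(key, sent_challenge, sent_rfid, response):
    """Arduino side (modelled in Python): True only for an authentic ALLOW."""
    if not hmac.compare_digest(response["challenge"], sent_challenge):
        return False  # echo is from a different request: replayed response
    expected = _mac(key, sent_challenge, sent_rfid, response["decision"])
    if not hmac.compare_digest(response["mac"], expected):
        return False  # wrong key or altered decision
    return response["decision"] == b"ALLOW"


def clock_challenge(millis):
    # Constructed stand-in for the value the Arduino derives from its clock.
    return millis.to_bytes(4, "big")


if __name__ == "__main__":
    c1 = clock_challenge(120_500)
    genuine = server_respond(SHARED_KEY, c1, b"04A1B2C3")
    print("genuine:", device_accepts(SHARED_KEY, c1, b"04A1B2C3", genuine))
    c2 = clock_challenge(987_001)
    print("replayed:", device_accepts(SHARED_KEY, c2, b"04A1B2C3", genuine))
    forged = server_respond(b"attacker-guess", c2, b"04A1B2C3")
    print("forged:", device_accepts(SHARED_KEY, c2, b"04A1B2C3", forged))
```

On the real Arduino the two comparisons would need a constant-time compare and an HMAC-SHA256 implementation that fits the board.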