We are told that the old standards aren't strict enough, but has there
ever been an instance where someone used those lax old standards to fake
a world record claim?


Marc Ramsey wrote:
Nick Gilbert wrote:

Not sure if the patronising reply was necessary. Also, it was
presumptuous of you to assume I know nothing about this topic, whether
I do or not.


Me bad.

The trade-offs are pretty straightforward. In 1996, if the IGC had
specified a security system that would still be considered reasonably
secure in 2005, the flight recorders would either have cost several
times as much, or it would have taken hours to do the signature
calculations in the recorder. We have much the same problem in 2005.
That is an unfortunate characteristic of trying to implement public key
encryption systems on inexpensive microcontrollers in low production
volume devices.

The one thing that may ultimately ease the issue, is the nearly
ubiquitous presence of internet access in 2005, which makes a private
key system viable and secure.

I am simply questioning the seriousness of the security flaw. If it
has been proven that flight traces with the redundant devices can be
falsified (one can only assume they have, otherwise we wouldn't be
going through this at all), then why not ask the question?


It comes down to this, if someone cheats by managing to break the
signature system, we won't find out unless a mistake was made some place
else in flight documentation (like faking the flight in an inconsistent
fashion). We can only really guard against this by removing world
record approval for devices that that we know to have fairly weak
encryption capabilities.

Marc