KeeLoq Company Responds to Claims that Researchers Cracked their Algorithm

Microchip Technology has now responded to a request for comment that I made last week for a post on the KeeLoq algorithm used in remote and keyless car systems.

In that post I discussed the method that Israeli and Belgian researchers devised to crack the unique code that is used in KeeLoq car systems. Microchip wouldn't respond to my request for comment at the time, other than to say it had no intention of publicly discussing security matters. This morning the company issued a press release stating that the company has evaluated the researchers' claims and has determined that KeeLoq "in its recommended real-world implementation, is secure." The company, however, wouldn't say why it believed the researchers were wrong. From the press release:

Microchip recognizes that the highly talented researchers have been successful at a theoretical attack of a block cipher. However, the KEELOQ security system implementation involves much more than just the cryptographic algorithm. The researchers’ claims that vehicles can be stolen, based on their cryptographic findings related to the KEELOQ algorithm, are incorrect due to several mistaken assumptions.

Microchip does not believe a public debate on how to steal vehicles benefits consumer security. In addition, for reasons of customer confidentially, Microchip cannot disclose specific information regarding the errors in the claims being made.

The company said that customers who are concerned about the matter should contact their local Microchip sales office. Contact info is on the Microchip web site