Using external join server, generation of AppEUI/JoinEUI

Hi,
If I want to use an external join server for my lorawan 1.0.x nodes, I have read that the AppEUI/JoinEUI matters and you can’t set it to all zeros.

I have purchased an OUI-36, so can I then just use that and append zeros after OUI for it to be unique for me but not between all my devices? Meaning having the same AppEUI for all my nodes. (The devices have unique DEVEUIs)

Thanks

Sure, you can, but should you?

Personally I find App/JoinEUIs useful to partition batches - either for bulk shipments for a client or for a production batch for retail use (not happened yet but can be done).

Why not have the same AppKey across all your devices as well - so you can make it really simple instead of just simple for someone to pickup up OTAA keys and use a moderate spec machine to crack all the other keys for all the other devices you sell.

And good luck with that Join server - when I have three qualified competent members of staff to look after a stack I’ll consider running such a thing - you need holiday / sick coverage and for some customer bases you will need 24hour on-call monitoring / support.

What is the reason that it is better to have unique AppEUIs (versus all zero), specially when you use an external join server?

I thought that with a unique DevEUI, the combination will still be unique?

Thanks for the heads up…! I have not looked into that yet, I am just preparing my nodes so that it would be possible with an external join server in the future.

Entropy

The nodes don’t have to be prepared beyond not all having the same ‘all-zero’ JoinEUI because …

What has LoRaWAN and thermodynamics to with each other now…? :stuck_out_tongue_winking_eye: Sorry but your answer are too short or too compressed for me to understand in this context.

1 Like

Entropy in Cryptographic systems.

If all your App/JoinEUI’s are all zeros, you’ve just eliminated 64 bits of information making it far simpler for “me” to use your MA-S registration (did you make it private?) to generate the other 28 bits, even easier after I’ve purchased a couple of your devices so I can get a sense of where you have started the 28 bit counter.

I can then sit and create join requests to my hearts content which, when I get a join accept means I’ve taken the original node off the network and I can start sending all sorts of uplinks, which as I own a device, I can use the payload format to send all sorts of slightly off data.

And then, and this is the kicker, I can just do it day in, day out, until you physically replace the node.

And I don’t need to be near a node to do this, I can do it from my beach house on Necker Island and I don’t need to use a node or a radio, I can hack some gateway code to send join requests from one or more computers somewhere in Eastern Europe whilst sipping Mai Tai’s and thinking about going snorkelling.

So, two lots of 64 bit EUI’s make this exponentially harder as an O(log n) problem. I can make this harder still, but it’s commercial in-confidence.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.