Closed avbentem closed 3 years ago
Hello!
Ok, thank you for the update. I'll update the readme in order to avoid mentioning that DevAddr should be unique. Anyways, as mentioned in the alert description, it's not a threat, but it is an informational alert.
Thank you for pointing out this :)
The README states for LAF-002:
This is not true. The number of truly available DevAddr's is much too low to allow them to be unique. First, it contains a prefix:
Next, a network may use specific logic in the remaining 25 bits, like for The Things Network (TTN):
So, TTN only uses as few as 12 bits within a region and class to generate a DevAddr, yielding only 4,096 unique values within such region and class.
(Also, of course, devices might be assigned a DevAddr that was used by other devices in the past.)