[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Arnold G. Reinhold reinhold at world.std.com
Fri Jan 24 13:42:16 EST 2003


At 6:16 PM -0800 1/23/03, Harvey Acker wrote:
>The content, once extracted, was interesting to
>someone who did not know how locks worked, but the
>attack was obvious as soon as one read the description
>of how master keys worked.

I knew how master keys worked. I had one when I was at MIT and I've 
picked a few locks myself. I know a little crypto too, but I didn't 
think of this attack.  Lots of things are obvious once you've read 
them.

>
>To dress this up with "P(H-1) key blanks", "rights
>amplification", oracles, and other crypto analogies,
>was silly.

I'm sure there is street argot for most of these terms, but Matt's 
paper is a great tutorial on what they mean in a practical, physical 
setting.  Anyway, it got his picture in the New York Times: 
http://www.nytimes.com/2003/01/23/business/23LOCK.html

At 9:38 AM -0800 1/24/03, Len Sassaman wrote:
>...
>This is a rather clever technique for discovering the second key of a
>dual-keyed lock; however, it wasn't previously unknown.
>
>I do give Matt a lot of credit for having come up with it independently,
>though I think it is worth pointing out that any good locksmith would
>already have been aware of this.
>
>It was described to me in 1997, when I first started working with
>locksmithing, as a way of determining a given lock's change key knowing
>only the master key (and having access to the lock, but not the ability or
>desire to disassemble it.) Using this to find a change key when you have a
>master key isn't nearly as interesting from the point of view of an
>attacker, but is the more common use of this technique in the locksmithing
>field.

If all the master cuts are higher than the change cuts, I believe you 
can carry out Len's procedure with a single blank. You start with the 
master key and file it down one pin position at a time until it 
becomes the change key.

The apparently common restrictions on where the master cuts can be 
relative to the change cuts would seem to severely limit the number 
of possible master keys for any given lock style.  It might well be 
possible to construct a priori a set of all possible master keys for 
a given lock style. This would make such systems vulnerable to 
someone who lacks even a change key. A careful lock picker could also 
deduce a lot of information on where the master cuts are.

Arnold Reinhold
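An added toy model of a master-keyed pin-tumbler lock, written to put numbers on the two claims in the message above; it is not code from the message, from the list, or from Blaze's paper. It assumes a split-pin lock in which a key opens a chamber whenever its cut equals either the change cut or the master cut at that position, cut depths numbered 0 (shallowest) to DEPTHS-1 (deepest), a master cut at every position, and no tolerance or wear; the pin count, depth count and bittings are constructed. It checks the precondition for the single-blank filing procedure (each intermediate bitting still matches change-or-master at every position, which is why the procedure works) and counts how many master bittings remain consistent with a known change key under an unrestricted policy versus the "master cuts above change cuts" restriction the message describes. The count is the figure a risk assessment of such a keying policy would want: fixing the relative position of the master cuts shrinks the effective master key space from (H-1)^P to the product of the change-key depths.

```python
"""Toy model of a master-keyed pin-tumbler lock (added illustration).

Assumptions, none taken from the message or from Blaze's paper:
- split-pin chambers: a key opens the lock iff at every position its cut
  equals the change cut or the master cut there;
- depths numbered 0 (shallowest) .. DEPTHS-1 (deepest), so filing a key
  can only increase a cut's number;
- every position carries a master cut that differs from the change cut
  (min_gap >= 1); tolerance, wear and MACS are ignored.
"""
from itertools import product

PINS = 5     # constructed: number of pin positions
DEPTHS = 7   # constructed: number of cut depths per position


def opens(key, change, master):
    """True iff every cut of `key` matches the change or master cut there."""
    return all(k in (c, m) for k, c, m in zip(key, change, master))


def filing_path(master, change):
    """Bittings produced when a master key is filed, one position at a time,
    into the change key, or None if that is impossible.  Filing only removes
    metal (cut number can only grow), so the precondition is exactly the
    message's 'all the master cuts are higher than the change cuts'."""
    if any(m > c for m, c in zip(master, change)):
        return None
    key = list(master)
    steps = []
    for i, target in enumerate(change):
        key[i] = target
        steps.append(tuple(key))
    return steps


def master_candidates(change, depths=DEPTHS, higher_only=False, min_gap=1):
    """Number of master bittings consistent with a known change key under a
    keying policy, found by brute-force enumeration (fine for toy sizes).
    higher_only: every master cut shallower than the change cut (the
    restriction the message describes).  min_gap: minimum depth difference
    between master and change cut at each position (assumption)."""
    def allowed(m, c):
        if abs(m - c) < min_gap:
            return False
        return (m < c) if higher_only else True
    return sum(
        1 for cand in product(range(depths), repeat=len(change))
        if all(allowed(m, c) for m, c in zip(cand, change))
    )


def master_candidates_closed_form(change, depths=DEPTHS, higher_only=False):
    """Closed form for min_gap == 1, used to cross-check the enumeration:
    unrestricted -> (depths-1)^P; higher-only -> product of the change
    depths, since position i admits only the depths numbered below c_i."""
    if higher_only:
        n = 1
        for c in change:
            n *= c
        return n
    return (depths - 1) ** len(change)


if __name__ == "__main__":
    change = (3, 4, 2, 5, 6)   # constructed change-key bitting
    master = (1, 2, 0, 3, 4)   # constructed master, every cut shallower
    path = filing_path(master, change)
    print("filing steps:", path)
    print("every intermediate bitting opens the lock:",
          all(opens(k, change, master) for k in path))
    for policy in ({}, {"higher_only": True},
                   {"higher_only": True, "min_gap": 2}):
        print(policy or "unrestricted", "->",
              master_candidates(change, **policy), "master bittings")
```

With the constructed 5-pin, 7-depth lock the unrestricted count is 6^5 = 7776, the "master cuts above change cuts" rule leaves 3*4*2*5*6 = 720, and adding a minimum two-step gap leaves 120; the enumeration and the closed form agree, and a master with any cut deeper than the change key makes `filing_path` return None, matching the message's precondition.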

---------------------------------------------------------------------
The Cryptography Mailing List