[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Len Sassaman rabbi at abditum.com
Fri Jan 24 14:10:58 EST 2003


On Fri, 24 Jan 2003, Arnold G. Reinhold wrote:

> If all the master cuts are higher than the change cuts, I believe you
> can carry out Len's procedure with a single blank. You start with the
> master key and file it down one pin position at a time until it
> becomes the change key.

If that were the case, sure. However, you usually can't know that the
master key shear line is higher than the change key, so this doesn't work
in practice.

> The apparently common restrictions on where the master cuts can be
> relative to the change cuts would seem to severely limit the number
> of possible master keys for any given lock style.

Note that these aren't actually direct restrictions on where the master
key shear line is in relation to the change key shear line, but instead
restrictions on the height difference between a given pin and the pins
adjacent to it.  This has the side-effect of limiting where the master key
shear line is in respect to the change shear line, because both of these
must be within the allowed distance of steps between pins.

(This is a purely physical limitation. If you had pins that were of
drastically different heights next to each other, key insertion would be
extremely difficult or impossible.)

> It might well be possible to construct a priori a set of all possible
> master keys for a given lock style. This would make such systems
> vulnerable to someone who lacks even a change key.

Heck, it's possible to construct a set of all possible *keys* for a given
lock. Even with the optimizations of knowing which pin combinations are
physically impossible to use, however, this is still a lot of
combinations.

> A careful lock picker could also deduce a lot of information on where
> the master cuts are.

Yes. A very talented locksmith could decode a pin combination on a lock
using special lock-picking tools, such as a feeler. However, in nearly all
real-world scenarios, this would not make sense. Most of the time, the
lock is not the weakest point of attack. Attacking the lock in this manner
is analogous to breaking a crypto-system by attacking the cipher. Usually,
other parts of the implementation are much weaker.

(And, in the case of a legitimate entry by a locksmith, destroying the
lock by drilling or other means would probably be cheaper than the labor
costs.)

If you have a location which is secured in such a manner that the lock's
security is of concern, you should look into a lock such as Medeco, which
employs a number of security features which resist these attacks. (Angled
cuts, restricted key blanks, etc.)

(On another list, I joked that if Matt could get his technique to work on
a Medeco master-keyed system by July, I'd eat a pound of live crickets at
DEFCON.  I'll hold myself to that.)


--Len.
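To put numbers on the adjacent-pin limit Len describes (and on his remark that the full key set is "still a lot of combinations"), here is an added example that is not part of the thread: it counts the bittings of a pin-tumbler lock in which every pair of neighbouring cuts differs by at most a given number of depth steps, and compares that with the unconstrained count. Pin count, number of depths and the adjacent-cut limit are assumed values, not figures from the thread.

```python
from functools import lru_cache
from typing import Sequence

# Assumed parameters (not from the thread): six pins, ten cut depths (0..9),
# and neighbouring cuts may differ by at most seven steps.
PINS = 6
DEPTHS = 10
MAX_ADJACENT_STEP = 7


def is_insertable(bitting: Sequence[int], max_step: int = MAX_ADJACENT_STEP) -> bool:
    """True if no two neighbouring cuts differ by more than max_step.

    A large jump between adjacent pins is the physical limit Len mentions:
    the key would be hard or impossible to insert and withdraw.
    """
    return all(abs(a - b) <= max_step for a, b in zip(bitting, bitting[1:]))


def count_insertable(pins: int = PINS, depths: int = DEPTHS,
                     max_step: int = MAX_ADJACENT_STEP) -> int:
    """Number of bittings that satisfy the adjacent-cut limit.

    Dynamic programming over positions: the count of valid tails depends only
    on the previous cut and how many pins remain, so it is memoised.
    """
    @lru_cache(maxsize=None)
    def tails(prev: int, remaining: int) -> int:
        if remaining == 0:
            return 1
        return sum(tails(d, remaining - 1)
                   for d in range(depths) if abs(d - prev) <= max_step)

    return sum(tails(first, pins - 1) for first in range(depths))


def count_unconstrained(pins: int = PINS, depths: int = DEPTHS) -> int:
    """Every pin may take any depth independently."""
    return depths ** pins


if __name__ == "__main__":
    total = count_unconstrained()
    usable = count_insertable()
    print(f"unconstrained bittings: {total}")
    print(f"insertable bittings:    {usable} ({100 * usable / total:.1f}%)")
    print("sample [0, 9, 0, 9, 0, 9] insertable:", is_insertable([0, 9, 0, 9, 0, 9]))
```

The constraint removes only the bittings with extreme neighbouring jumps, so the space stays large, which is Len's point about exhaustive key sets.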

