[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
David Wagner
daw at mozart.cs.berkeley.edu
Fri Jan 24 14:05:03 EST 2003
Len Sassaman wrote:
>This is a rather clever technique for discovering the second key of a
>dual-keyed lock; however, it wasn't previously unknown.
>
>It was described to me in 1997, when I first started working with
>locksmithing, [...]
>
>The fact that AT&T couldn't find much public mention of this technique
>isn't surprising. Locksmithing is a more secretive discipline than
>cryptography. Locksmiths generally don't discuss the plethora of ways to
>defeat standard physical security techniques with the general public.
If those locksmiths didn't publish the vulnerability, phooey on them.
Matt Blaze deserves full credit for being the first to publish.
What good is it to know about a vulnerability if you never warn the
users and never fix the weakness?
In scientific research, we credit the first person to publish new
knowledge. Sure, maybe you've invented a cure for cancer ... but if
you don't tell anyone, you don't get the credit, and you haven't done
much good for the world.
I think, on balance, Matt Blaze's paper seems likely to be beneficial
for users of locks. It helps us more accurately evaluate our own
security and be smarter about how we select physical security defenses.
That seems likely to lead to greater security for all of us in the end.
We should be grateful to Blaze for publishing, not dismissive.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list