[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Derek Atkins
derek at ihtfp.com
Fri Jan 24 15:17:22 EST 2003
Matt Blaze <mab at research.att.com> writes:
> I have no particular interest in seeing you eat crickets (and before
> I went veggie I've eaten a few myself; taste like whatever they're
> cooked in), but I've done it on Medecos; it's no problem.
Having taken apart Medeco's before, I have to agree with Matt that
this attack would work fine on old-style medecos with a groove for the
the turn-bar. This means the twist is the same at all pin heights for
any particular pin.
> The angles will be the same on the master as the change key; only the
> cut depth will differ. If you have a code cutter at the oracle lock
> it's no different from doing the attack regular locks, except that Medeco's
> MACS restrictions mean you have to be careful about whether you use the
> change depth or previously learned master depth at the positions adjacent
> to the position under test. If you're using a file at the oracle lock,
> just use a code machine to pre-cut a #1 cut at the right angle at each
> position; the sharp angle actually makes filing a bit easier than on
> locks with a standard cut.
There is, however, a newer medeco design that uses a drill-hole
instead of a groove. With that design you can have the pin twist be
different at different pin-heights (by putting the drill-hole at a
different twist-angle). I don't think this attack would work quite
as easily on this design.
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek at ihtfp.com www.ihtfp.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list