[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Len Sassaman
rabbi at abditum.com
Fri Jan 24 15:32:52 EST 2003
On Fri, 24 Jan 2003, Matt Blaze wrote:
> I have no particular interest in seeing you eat crickets (and before
> I went veggie I've eaten a few myself; taste like whatever they're
> cooked in), but I've done it on Medecos; it's no problem.
Well, unfortunately I specified "live", which probably precludes the
cooking bit. Hmm. Cricket fondue, perhaps.
> The angles will be the same on the master as the change key; only the
> cut depth will differ.
That isn't necessarily the case. High-security Medecos can have multiple
valid pin rotation positions -- the pin's angled surface doesn't need to
be flush with the key. This allows much larger number of possible pin
combinations, and I think it would make your attack infeasible in practice
(particularly since the attacker presumably doesn't know if there are
dummy steps added, or if the key is part of a master-ring system. That's a
lot of work to do only to find out the attack wouldn't have worked in the
first place.)
> If you have a code cutter at the oracle lock it's no different from
> doing the attack regular locks, except that Medeco's MACS restrictions
> mean you have to be careful about whether you use the change depth or
> previously learned master depth at the positions adjacent to the
> position under test.
That would certainly be true.
> If you're using a file at the oracle lock, just use a code machine to
> pre-cut a #1 cut at the right angle at each position; the sharp angle
> actually makes filing a bit easier than on locks with a standard cut.
> I recommend a light garlic sauce.
*grin*
Have you found a source for the factory-controlled Medeco key blanks?
--Len.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list