[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Len Sassaman rabbi at abditum.com
Fri Jan 24 15:32:52 EST 2003


On Fri, 24 Jan 2003, Matt Blaze wrote:

> I have no particular interest in seeing you eat crickets (and before
> I went veggie I've eaten a few myself; taste like whatever they're
> cooked in), but I've done it on Medecos; it's no problem.

Well, unfortunately I specified "live", which probably precludes the
cooking bit. Hmm. Cricket fondue, perhaps.

> The angles will be the same on the master as the change key; only the
> cut depth will differ.

That isn't necessarily the case. High-security Medecos can have multiple
valid pin rotation positions -- the pin's angled surface doesn't need to
be flush with the key. This allows a much larger number of possible pin
combinations, and I think it would make your attack infeasible in practice
(particularly since the attacker presumably doesn't know if there are
dummy steps added, or if the key is part of a master-ring system. That's a
lot of work to do only to find out the attack wouldn't have worked in the
first place.)

> If you have a code cutter at the oracle lock it's no different from
> doing the attack on regular locks, except that Medeco's MACS restrictions
> mean you have to be careful about whether you use the change depth or
> previously learned master depth at the positions adjacent to the
> position under test.

That would certainly be true.

> If you're using a file at the oracle lock, just use a code machine to
> pre-cut a #1 cut at the right angle at each position; the sharp angle
> actually makes filing a bit easier than on locks with a standard cut.

> I recommend a light garlic sauce.

*grin*

Have you found a source for the factory-controlled Medeco key blanks?


--Len.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


