[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Matt Blaze mab at research.att.com
Fri Jan 24 15:41:23 EST 2003


Len,

We're probably getting a bit into the depths of the details for this
(cryptography-oriented) list, so I'll certainly understand if Perry doesn't
forward this on.

It surely would be possible to have a Medeco-type design using
different rotations for the change and master by cutting new holes/grooves
in the bottom pin.  I've not seen that on any of the Biaxial pins
I've looked at, and the Medeco pinning kits I've seen seem to have
such pins in them (maybe they sell them only to certain customers?  In
any case, such a kit would have to be very large indeed).

But even if they did, you'd still be able to straightforwardly do the
attack, consuming up to 3 (in the standard design) or 6 (in the Biaxial
design) blanks per pin (at each rotation/offset).

Some of the "restricted" Medeco blanks are in fact readily available; others
aren't but can be modified from available blanks, and still others
seem to require extensive milling or casting.

-matt

> On Fri, 24 Jan 2003, Matt Blaze wrote:
> 
> > I have no particular interest in seeing you eat crickets (and before
> > I went veggie I've eaten a few myself; taste like whatever they're
> > cooked in), but I've done it on Medecos; it's no problem.
> 
> Well, unfortunately I specified "live", which probably precludes the
> cooking bit. Hmm. Cricket fondue, perhaps.
> 
> > The angles will be the same on the master as the change key; only the
> > cut depth will differ.
> 
> That isn't necessarily the case. High-security Medecos can have multiple
> valid pin rotation positions -- the pin's angled surface doesn't need to
> be flush with the key. This allows a much larger number of possible pin
> combinations, and I think it would make your attack infeasible in practice
> (particularly since the attacker presumably doesn't know if there are
> dummy steps added, or if the key is part of a master-ring system. That's a
> lot of work to do only to find out the attack wouldn't have worked in the
> first place.)
> 
> > If you have a code cutter at the oracle lock it's no different from
> > doing the attack on regular locks, except that Medeco's MACS restrictions
> > mean you have to be careful about whether you use the change depth or
> > previously learned master depth at the positions adjacent to the
> > position under test.
> 
> That would certainly be true.
> 
> > If you're using a file at the oracle lock, just use a code machine to
> > pre-cut a #1 cut at the right angle at each position; the sharp angle
> > actually makes filing a bit easier than on locks with a standard cut.
> 
> > I recommend a light garlic sauce.
> 
> *grin*
> 
> Have you found a source for the factory-controlled Medeco key blanks?
> 
> 
> --Len.
> 



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


