[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Donald Eastlake 3rd dee3 at torque.pothole.com
Sun Jan 26 21:12:34 EST 2003


On Sat, 25 Jan 2003, Pete Chown wrote:

> Date: Sat, 25 Jan 2003 11:53:23 +0000
> From: Pete Chown <Pete.Chown at skygate.co.uk>
> To: cryptography at wasabisystems.com
> Subject: Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
> 
> Len Sassaman wrote:
> 
> > Most of the time, the lock is not the weakest point of attack.
> 
> Isn't this like saying that cryptography isn't important, because most 
> real world attacks aren't cipher breaks?  Also, if you pick the lock, 

You are coming at this from a software/computer mindset that just isn't
applicable to this sort of physical world security. Sure, in the ~0
fabrication and distribution cost world of software, you might as well
use strong crypto because it costs ~0 and probably a lot of the other
weaknesses are also software and can also be avoided for ~0 cost.

If you can think of a more secure physical lock design that is CHEAPER,
run out and patent it now. You will probably make money. But most
substantially more secure physical locks are substantially more
expensive to fabricate, being more complex and frequently requiring tighter
mechanical tolerances.

> potentially no one will know that you gained access.  An ordinary 
> burglar can just break a window, but someone with a more subtle reason 
> for wanting to gain access may not want to.

It is usually not that hard to gain invisible access even with quite
crude methods.

> If I wanted to make a building physically secure, my instinct would be 
> to use electronic locks.  While attacks on, say, an iButton are probably 
> possible, it seems to me that it must be an order of magnitude more 
> difficult than attacking a mechanical lock.

The lock almost never has anything to do with it. Why is it you never
see simple pin tumbler locks on safes and vaults? Because, with
substantial metal and/or solid reinforced concrete walls on all sides
and no windows, it is actually worth the cost of good combination locks,
possibly with time lock in addition.

If I wanted to make a building more secure, even if for some reason I'm
just looking at the only door, there are a lot of things I'd look at
right away: Are the hinges on the outside and if so what steps have
been taken to stop someone from removing the hinge pins and removing
the door? Is there an astragal to stop people from credit-carding the
door? What steps have been made to stop someone from spreading the door
frame so that any bolts no longer latch? If there is a lock cylinder,
can you just unscrew it from the outside and open the door with a
screwdriver (I have determined by experimentation that most cylinder set
screws will easily give way and allow you to unscrew the cylinder with
minimal damage)? Is there any kind of opening above the door, like a
transom (even if it is tiny, you may be able to drop a loop down inside
and turn the internal door knob, opening the door despite its being
locked for the outside knob)? Etc. Etc. Oh, and I suppose you could
think about attacks on the security of the lock itself, which is
probably pin tumbler.

But it probably has lots of window/wall/roof/basement/etc. weaknesses
that have nothing to do with the door.

It's just silly to spend, say, $50 more, on a more secure lock unless
you are really willing, in the foreseeable future, to spend hundreds or
thousands of dollars or even more on other weaknesses to make most of
them approximately as strong.

There are also other factors in planning physical security. I've had to
actually break through a wall because an electronic lock's battery back
up power died because the transformer for a building was being replaced
and it had absolutely no power feed for a few days. The repair of such
wall damage is an expense. Mechanical devices do not have the problem of
requiring power (PS: Brass is self lubricating).

> Now, I'm not an expert on locks, so firstly am I right?  If so, does 
> this mean that high security mechanical locks will gradually disappear?

There are markets for a wide variety of locks. I do not believe that
high security or low security mechanical locks will disappear in my
lifetime.

Thanks,
Donald
======================================================================
 Donald E. Eastlake 3rd                       dee3 at torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake at motorola.com


