[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Donald Eastlake 3rd dee3 at torque.pothole.com
Mon Jan 27 07:49:12 EST 2003 

My message was not a reply to Matt's paper.

It was a reply to a message that said, approximately, "If I wanted to
SECURE A BUILDING the first thing I would do is worry about the LOCK and
replace it with an electric lock..." It did NOT say "If I wanted to
SECURE A LOCK...".

My reply was to point out that the suggested strategy for securing a
building would almost always be the wrong strategy.

I agree that locks and methods of defeating them are intersting.

Thanks,
Donald
======================================================================
 Donald E. Eastlake 3rd                       dee3 at torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake at motorola.com

On Mon, 27 Jan 2003, Faust wrote:

> Date: Mon, 27 Jan 2003 13:57:30 +0000
> From: Faust <urfaust at optushome.com.au>
> To: Donald Eastlake 3rd <dee3 at torque.pothole.com>
> Cc: Pete Chown <Pete.Chown at skygate.co.uk>, cryptography at wasabisystems.com
> Subject: Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
> 
> 
> > You are coming at this from a software/computer mindset that just isn't
> > applicable to this sort of physical world security. 
> 
> 
> Matt's paper was about _locks_.
> In case you have forgotten, the title was "Cryptology and Physical Security: 
> Rights Amplification in Master-Keyed Mechanical Locks".
> 
> To weakly criticize his paper because it did not talk about the cost of
> fabrication or physical tolerances misses the point entirely.
> 
> There _are_ situations where information leakage is of concern.
> 
> I can imagine other applications of Matt's methods to other forms of
> physical security.
> 
> In any case, it is intrinsically interesting 
> 
> In practice, social engineering is far easier to use to access secure premises.
> Bribe a guard, go to bed with a person with access etc..
> However, that is not the proper domain of a study of rights amplification.
> 
> 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list