
Check out this NY Times Article


Christopher Colvin
Jan 23, 2003, 3:19:23 PM
Master Key Copying Revealed
By JOHN SCHWARTZ


A security researcher has revealed a little-known vulnerability in many
locks that lets a person create a copy of the master key for an entire
building by starting with any key from that building.

The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by
applying his area of expertise - the security flaws that allow hackers to
break into computer networks - to the real-world locks and keys that have
been used for more than a century in office buildings, college campuses and
some residential complexes.

Whole story at...

http://www.nytimes.com/2003/01/23/business/23LOCK.html


Henry E Schaffer
Jan 23, 2003, 4:32:22 PM
In article <10433531...@cswreg.cos.agilent.com>,

I went there to read it - the technique is apparently called
"decoding" (it apparently is not impressioning, but I couldn't tell for
certain) and is described as being *very* easy/fast.

"All that is needed, Mr. Blaze wrote, is access to a key and to the lock
that it opens, as well as a small number of uncut key blanks and a tool
to cut them to the proper shape. No special skills or tools are
required; key-cutting machines costing hundreds of dollars apiece make
the task easier, but the same results can be achieved with a simple
metal file."

Note the "small number" of key blanks. And then it continues,
'After testing the technique repeatedly against the hardware from major
lock companies, Mr. Blaze wrote, "it required only a few minutes to
carry out, even when using a file to cut the keys."'

How long is a "few minutes"?

I guess I don't get it. Given a change key, one can guess that it
shares some of its cuts with the master. But certainly one can't know
which ones or how many. So there are two groups of cuts:

1) Shared with master - probably at least one, certainly not all.

2) Not shared with the master - at least one, probably more. At least
one of this group is likely to be deeper than the master at that
position.

This seems to leave a huge number of possibilities - more than can be
probed with "a small number" of blanks.

Any ideas? (Remember that this has been "submitted for publication in
a computer security journal".)
--
--henry schaffer
h...@ncsu.edu

"Keyman"
Jan 23, 2003, 5:05:58 PM
"Christopher Colvin" <newsgroups@colvin.n*o*s*p*a*m.net> wrote in
message news:10433531...@cswreg.cos.agilent.com...

Mr. Blaze would spend much time trying to do this using one key
and a lock (figuring and cutting the key with a file).
He sure wouldn't do it in a "few minutes" as he states.

Computer security and mechanical lock security are very different
animals.
Handling a mouse and handling a file are very different skills.

my 2¢
--
"Keyman"

Christopher Colvin
Jan 23, 2003, 6:22:20 PM
Generally, when I do a masterkey system, I try to set one of the spaces on
the master at 0 or 1. You can file, but you can't add back. Systems do
have inherent weaknesses, ghost keys, etc. But I would suspect most bad
guys wouldn't go to the trouble.

"Christopher Colvin" <newsgroups@colvin.n*o*s*p*a*m.net> wrote in message
news:10433531...@cswreg.cos.agilent.com...

KD
Jan 23, 2003, 7:47:45 PM
Have you read the paper and his theory?
Too many variables.
Who believes everything they read?

"Christopher Colvin" <newsgroups@colvin.n*o*s*p*a*m.net> wrote in message
news:10433531...@cswreg.cos.agilent.com...



Joe Kesselman (yclept Keshlam)
Jan 23, 2003, 7:52:43 PM
Christopher Colvin wrote:
> A security researcher has revealed a little-known vulnerability in many
> locks that lets a person create a copy of the master key for an entire
> building by starting with any key from that building.

I'll have to look at this, but this sounds like a fine theory that won't
survive contact with the real world unless he's including materials
and/or constraints not mentioned in the summary.

--
Joe Kesselman, http://www.lovesong.com/people/keshlam/
{} ASCII Ribbon Campaign
/\ Stamp out HTML mail!

Stacy Nash
Jan 23, 2003, 10:23:46 PM

"Christopher Colvin" <newsgroups@colvin.n*o*s*p*a*m.net> wrote in message
news:10433531...@cswreg.cos.agilent.com...


Blaze's full paper is available here:

http://www.crypto.com/papers/mk.pdf

Interesting read, let me know what you all think.

-Stace


Christopher Colvin
Jan 23, 2003, 11:55:25 PM
Thanks Stacy,

It was nice to see the report first hand.

Chris


d...@tanj.com
Jan 24, 2003, 3:25:12 AM
Stacy Nash <stn...@indiana.edu> wrote:
>
> "Christopher Colvin" <newsgroups@colvin.n*o*s*p*a*m.net> wrote in message
> news:10433531...@cswreg.cos.agilent.com...
>> Master Key Copying Revealed
>> By JOHN SCHWARTZ
>>
>>
>> A security researcher has revealed a little-known vulnerability in many
>> locks that lets a person create a copy of the master key for an entire
>> building by starting with any key from that building.
> Blaze's full paper is available here:
>
> http://www.crypto.com/papers/mk.pdf
>
> Interesting read, let me know what you all think.
>

OK, I may have missed something there, but did he really discover
progressing the cuts for a lock? I don't see how the method he used would
differentiate a master from a grand master from a ghost. He can't be
sure that it will open anything else until he tries a lock at another
location where he is not authorized. That's a bad time to be stuck
outside a door.

I also don't see why he thinks that spending the time to file a key in
.005 or even .015 inch increments at 5 to 7 different cuts is not going
to look suspicious in a high security setting. I'd fire a guard that
allowed that much time between rounds at a high security site.


Daniel

Ralph A. Schmid, DK5RAS
Jan 24, 2003, 6:14:51 AM
d...@tanj.com wrote:

>I also don't see why he thinks that spending the time to file a key in
>.005 or even .015 inch increments at 5 to 7 different cuts is not going
>to look suspicious in a high security setting. I'd fire a guard that
>allowed that much time between rounds at a high security site.

He just needs one lock of the system; why not hide inside a toilet or
something like that to file the key? If it fits the toilet lock he can
try others with more importance.

>Daniel


regards - Ralph

--

Want to get in touch? http://www.radio-link.net/whereisralph.txt

Coherers
Jan 24, 2003, 1:35:16 PM
It is insiders that are the threat here - hence the use of the term "Rights
Amplification" in the paper's title. By definition the attacker needs to
have access to a mastered lock and to the key for it, and will either work
at the site or be partly trusted in some other way.

Thinking about secure locations I have access to, I **know** that I could do
what was needed if so inclined. All you need to have is half a dozen "work
in progress" keys on a key ring, and test them out on your "own" lock.
Nobody would think twice if they saw an employee trying to open a door to a
room that he has access to with the "wrong" key. The attacker can then cut
back the position on the keys that don't work at home at his leisure and
repeat the process next day - he would have the master in a week or two.
Once the master is prepared, then trying it out on a lock he has no rights
to is then just a matter of finding the right moment.

Your point about grand mastering, submastering etc. is a very good one, and
one the author does not address in the paper. However, surely a key produced
using the mechanism described will still open all locks at the same
mastering level as the key/lock to which the attacker has access?

Coherers


d...@tanj.com
Jan 24, 2003, 2:04:32 PM
Coherers <nos...@deathtoallspammers.com> wrote:
>
> Your point about grand mastering, submastering etc. is a very good, and one
> the author does not address in the paper. However, surely a key produced
> using the mechanism described will still open all locks at the same
> mastering level as the key/lock to which the attacker has access?
>
> Coherers


The main killer for this plan is that there is a better chance that all
the person has stumbled upon was a ghost or phantom bitting. The person
did not say how he validated his efforts. The best way to do that would
have been to take his reverse engineered key to the locksmith for the
establishment and ask if it matched the master key. I don't know if the
locksmith would answer truthfully, any more than I would when asked to
verify the internal network or applications at my company.

Of course, I could be wrong :-)

The article totally ignores a time honored method of getting the master,
and that is to work as an after hours janitor. No security check, work
is unsupervised and you're expected to be everywhere. They hand you
various masters, codes and sub masters. You're also expected to have lots
of keys, so fumbling with a lock is not suspicious. As an added bonus,
after a few weeks the night guard staff knows you so you become invisible.


Daniel

allan
Jan 24, 2003, 5:05:24 PM
I read this story also. I think the writer makes the assumption that a criminal
would have access to a masterkeyed lock and some keys. If not then the article
is very misleading. As locksmiths we all know how easy it is to compromise a
sloppy mastered system, so if this is what he's getting at then it's old news. I
can recall several building landlords calling us for emergency work because they
couldn't get their regular locksmith there fast enough, and I was shocked to see
masterkeyed cylinders with only 2 or 3 pins. I could just about unlock them by
rapping on the door. This, by the way, was done by a prominent NY lock company. In
general, masterkeyed systems are not secure.
Allan

Coherers
Jan 24, 2003, 7:13:13 PM
On validation, he doesn't actually say how he checked, but the paper on
which the article was based says that he "tested his attack against a variety
of medium- and large- scale institutional master keyed installations" (all
of which had just the one level of mastering) and that he was working with
the cooperation of the owners of the lock system. I would be very surprised
if the reverse-engineered key was not compared with the "real thing". He is
a scientist, and I would expect no less.

As for the janitor, you are dead right. It is the human link in the chain
that is usually the weakest with any system.

Reverse-engineering the master like this is a genuine vulnerability. But
just how much of a risk is it, when compared with the fact that raking a
mastered lock is significantly easier anyway (IMHO) or, as you say, that the
janitor may not be trustworthy?

<d...@tanj.com> wrote in message news:47gY9.20041$rM2.16904@rwcrnsc53...

Matt Blaze
Jan 24, 2003, 7:40:06 PM
In article <tEkY9.3778$RV3.25...@news-text.cableinet.net>,

Coherers <nos...@deathtoallspammers.com> wrote:
>On validation, he doesn't actually say how he checked, but the paper on
>which the article was based say that he "tested his attack against a variety
>of medium- and large- scale institutional master keyed installations" ( all
>of which had just the one level of mastering) and that he was working with
>the cooperation of the owners of the lock system, I would be very surprised
>if the reverse-engineered key was not compared with the "real thing". He is
>a scientist, and I would expect no less.
>

Actually, there were several levels of mastering in some cases, but
this attack always yields the TMK on conventionally combinated modern
TPP and RC based master systems. (In my experiments, I found
both RC and TPP systems). There may be some complications with
systems that do sub-mastering in non-standard or no-longer-advised
ways but they make the attack easier or at worst require testing
against a couple extra locks to resolve ambiguity. The paper, linked at
http://www.crypto.com/masterkey.html
covers most of the details.

>As for the janitor, you are dead right. It is the human link in the chain
>that is usually the weakest with any system.

Indeed. People always use the janitor as the example, but in fact
janitors are often entrusted with very high-level access as part
of their job function (e.g., to empty the trash in locked offices).

-matt

Joe Kesselman (yclept Keshlam)
Jan 24, 2003, 8:44:32 PM
Read through the paper. It's hardly a "little known" attack, just little
publicised... and he's overstating its effectiveness a bit, as well as
making some assumptions about the kind of mastering he's dealing with.
And his suggested cure is worse than the disease, I think.

The article _definitely_ over-hypes the issue; it's someone who didn't
understand the paper reviewing someone who was new to locks.

But if we screen out two layers of hype, he does have a valid point
buried in there.

> In general, masterkeyed systems are not secure.

In general, master keying significantly reduces security. How
significantly depends on the lock you start with and what kinds of
attacks you expect against the system. If you don't actually need
mastering, don't use it; if you do need it, start with a lock system
having above-average security and above-average key control.

Peter
Jan 24, 2003, 8:57:43 PM
On 24 Jan 2003 19:40:06 -0500, Matt Blaze <m...@research.att.com>
wrote:


>
>Actually, there were several levels of mastering in some cases, but
>this attack always yields the TMK on conventionally combinated modern
>TPP and RC based master systems.

If you had a sub-master key but no access to a change key (possible
but unlikely) there could be ambiguity. However knowledge of
manufacturer's masterkeying methods would quickly resolve this. For
example one manufacturer bitted TMK's 0x9x0x or 0x9xx0 with the first
four cuts constant for all masterkeys.

Peter
Jan 24, 2003, 9:10:54 PM
On Fri, 24 Jan 2003 20:44:32 -0500, "Joe Kesselman (yclept Keshlam)"
<kes...@attglobal.net> wrote:

>Read through the paper. It's hardly a "little known" attack, just little
>publicised... and he's overstating its effectiveness a bit, as well as
>making some assumptions about the kind of mastering he's dealing with.
>And his suggested cure is worse than the disease, I think.
>

Masterkeying is deprecated for highest security applications, e.g.
prisons, nuclear facilities etc., but is no great convenience problem as
the inconvenience of accessing keys and getting doors open is accepted
in the running of such places.

The author rather 'broad brushes' the means of making it more
difficult to 'compromise' masterkey systems. While the various
methods can be overcome in theory, they are usually a sufficient
deterrent.

Interestingly, the 'bi-lock' www.bilock.com could be the most
tricky to compromise in this manner. Not only is key duplication or
alteration tricky, the correct key (or picking) is required to
'cleanly' dismantle the cylinder (there is a special retaining clip).
Not to mention that a larger supply of blanks would be required than
normal (12 tumblers with 4 levels).

Jay Hennigan
Jan 25, 2003, 12:33:13 AM
On Fri, 24 Jan 2003 22:05:24 GMT, allan <lock...@ix.netcom.com> wrote:
> I read this story also. I think the writer makes the assumption that a
> criminal would have access to a masterkeyed lock and some keys. If not
> then the article is very misleading. As locksmiths we all know how easy
> it is to compromise a sloppy mastered system so if this is what he's
> getting at then it's old news.

It is old news to the regulars here.

What is interesting, and has escaped comment in this thread, is the
philosophical difference between computer security professionals and
professional locksmiths.

This philosophical difference has been a recurring thread in this
newsgroup, often resulting in flames regarding "ethics" and winding
down to an agreement to disagree.

The paper describes in technical detail the workings of a security
system and describes the techniques of exploiting its weaknesses,
in public. This is very common within the computer security realm.
It is frowned upon by many in the locksmithing profession.

No, he didn't describe anything new to those who understand how
masterkeying systems work. He described, in public, a weakness in
a commonly-deployed security system, how to exploit it, and a means
of protecting against the exploit (master ring cylinders and dual
cylinder locks).

The only surprising thing is that the self-righteous folks here
haven't flamed him for this. It will be interesting to see the
reaction if this leads to further papers regarding such things as
combination lock manipulation, etc.

Will some people decry such papers as "unethical" and continue to
suggest that security through obscurity is a good policy? Don't
publish exploits in the hope that the bad guys won't discover them
on their own?

It's very likely that this work was a complete eye-opener to the owners
of the educational and commercial installations where it was demonstrated.

"Here, give me one key to one door, a handful of blanks, and a file.
Here's your grandmaster a few minutes later, and I'm publishing a
paper on how easy it is."

I would think that rather than continuing to promote security through
the obscurity of exploits that the professional locksmiths here would
use this type of publicity to promote more secure locking systems.

Or will they just flame the messenger?

--
Jay Hennigan - CCIE #7880 - Network Administration - j...@west.net
NetLojix Communications, Inc. - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323

Coherers
Jan 25, 2003, 7:12:13 AM
Thanks for that Matt.

> Actually, there were several levels of mastering in some cases, but
> this attack always yields the TMK on conventionally combinated modern
> TPP and RC based master systems. (In my experiments, I found
> both RC and TPP systems). There may be some complications with
> systems that do sub-mastering in non-standard or no-longer-advised
> ways but they make the attack easier or at worst require testing
> against a couple extra locks to resolve ambiguity.

I had assumed from the paper that the tests were against a single level of
mastering from the line on page 8 "every system we tested... had at most one
master cut per pin..." (Or am I missing something?)
I can see how it can be made to work more generally, as you say by testing
against locks in different submaster groups - as long as you can identify
them. Besides, this in no way affects the vulnerability of the majority of
such systems. Even getting a submaster is potentially a big, big hole.

By the way, an excellent piece of work - well done!

Coherers


Coherers
Jan 25, 2003, 8:44:43 AM
Interestingly enough, the author did get flamed in the corresponding thread
on alt.security.alarms. Although the cavalry came to the rescue with one
contributor in particular making an excellent case for the benefits of
openness.

I think we have to recognise that there is security to be gained from
obfuscation. In the physical security world, a vault is that bit stronger if
a potential attacker doesn't know where the lock box is going to be. Or if
you hide a safe in the building, it makes it that bit harder for a burglar.
In computing, keeping secret the exact details of a seeding algorithm, or
not giving out information in a Telnet session as to the OS in use makes it
that bit harder for a potential attacker. All examples of security through
obscurity.

In cases of the more obscure computing vulnerabilities (particularly some
buffer overflows in web server add-ons) and given the short life cycle of
some software products out there, I wonder if they would ever have been
exploited if not publicised. It is a lot easier for the researchers to
realise an attack is useful if they have a debugger attached to the server
process. It is interesting to note that in many cases, subsequent to
exploits being published on CERT, the first real world attacks have
occurred. I tend to favour openness, but I think you will agree that the IT
world is not in total unanimity on this.

And at some point the distinction between what is a vulnerability and what
is just a limitation to the system blurs. In the real world, most
environments are not going to be able to afford "perfect" security systems,
and will need to compromise and acquire systems with limitations. Sure, the
system owner needs to know them when he makes the compromise between
security and costs (financial, operational, ease of use etc.), but does it
then benefit the owner if these become widely known?

At the end of the day there is a balance to be struck between the undoubted
benefits that can come from an open approach and the protections that
obscurity can give. On balance, I think the author is right to publish here,
although I am not 100% sure.


"Coherers"


"Jay Hennigan" <j...@west.net> wrote in message
news:tkpY9.50$Cc3....@newsfeed.avtel.net...

Joe Kesselman (yclept Keshlam)
Jan 25, 2003, 11:33:59 AM
Jay Hennigan wrote:
> What is interesting, and has escaped comment in this thread, is the
> philosophical difference between computer security professionals and
> professional locksmiths.

Noted, didn't think it was worth commenting on since the FAQ already
summarizes that debate.

> Will some people decry such papers as "unethical"

I do feel that publishing it was unwise -- self-serving, and not in the
net public interest. There are better ways to publish this result... and
as noted, the result is not as novel as the (relatively uninformed)
author believes.

> Or will they just flame the messenger?

Not worth it in this instance. Barn door. Horse. Probably ineducable owner.

Billy B. Edwards Jr.
Jan 25, 2003, 5:54:27 PM
Matt Blaze wrote:

> Actually, there were several levels of mastering in some cases, but
> this attack always yields the TMK on conventionally combinated modern
> TPP and RC based master systems. (In my experiments, I found
> both RC and TPP systems). There may be some complications with
> systems that do sub-mastering in non-standard or no-longer-advised
> ways but they make the attack easier or at worst require testing
> against a couple extra locks to resolve ambiguity.

I guess I should thank you for citing my book as a good reference, but I
have misgivings about the information you published. Certainly that
method has been known to locksmiths who have given keying techniques any
thought since 1889 when the first MK system was created, but most of us
have refrained from publishing it because of the damage it could cause.

Had you been more connected to the lock industry you would know that the
technique is virtually unknown outside the industry. You can check
right here among the most knowledgeable amateur to verify that. From
the remarks here and some of your own, the depth of the danger involved
in widely distributing this technique hasn't been grasped yet, and
hopefully won't be any time soon. I certainly won't elaborate here to
compound the damage potential.

Your publication of the technique was as near as I can tell careless and
self serving and failed to consider the ramifications to the public. It
will be interesting to see if some class action suits rise out of this
once a few burglaries, robberies and rapes or worse can be blamed on use
of the published method.

There is only one mechanical lock alternative to prevent this method of
attack and that is the use of patent protected keys with controlled
distribution. The problem is that it isn't physically possible to
produce enough of those to replace the non-protected locks in place on
an immediate basis, in fact it may not be possible to produce
replacements within a couple of years. The high security industry has
been running at near capacity since it started in the US in 1968 and is
nowhere near replacing a majority of older non-protected locks and keys
and is already starting on its third generation.

Electronics aren't the answer either because of their higher price and
tendency to fail. They may offer better encryption or just plain
resistance to decoding for a while but their lives are short lived at
this point in their development. Add to that the potentials of
operation or destruction by EMP or simple static discharge and they may
actually be less effective than most mechanical locks.

My 2¢
BBE.

Henry E Schaffer
Jan 25, 2003, 7:47:16 PM
In article <b0smd6$i...@dynasty.cs.columbia.edu>,
Matt Blaze <m...@research.att.com> wrote:
> ...

>Actually, there were several levels of mastering in some cases, but
>this attack always yields the TMK on conventionally combinated modern
>TPP and RC based master systems. (In my experiments, I found
>both RC and TPP systems).

There appear to be two separable aspects of the article:

1) Mapping the pin stacks. Because of the independence of the pin
stacks, they can be mapped one by one - and that's what lets it be done
with only p blanks and p(h-1) cuts.

2) Determining the master key(s) (TMK or ?) from the pin map. In
general this can't be done. But with enough constraints on the method of
generating the change/master keys (the "system") then it might be
possible to determine the TMK for a single or several level mastering
system. mab above says that this can be done for TPP and RC, but

>There may be some complications with systems that do sub-mastering in
>non-standard or no-longer-advised ways

Are all non-TPP/RC systems "non-standard or no-longer-advised"?
Knowing how independent minded locksmiths are, I'd think that there
would be many methods, not just two, in standard/advised use. (But what
do I know.)

>but they make the attack easier

I wonder how this could be?

>or at worst require testing
>against a couple extra locks to resolve ambiguity.

This isn't trivial - it could involve generation of a fairly large
number of keys (unless one has the change keys for these extra locks.)

> ...

A very simple example - two pin stacks have a master pin in them,
giving two cuts in them. 1, 3 in one, 2, 4 in the other. The change
key has cuts 3,2. What cuts does the master have? There are 4 sets:
1,2; 1,4; 3,2; 3,4. Evaluating them:

1,2 possible
1,4 possible
3,2 not possible - this is the change key
3,4 possible, but bad practice (not advised) because no "higher" cuts

I don't think it is possible to say what is the TMK without adding in
additional constraints to eliminate "possible" cut combinations. I
think that other posts have alluded to this by pointing out that there
can be various ghost keys or submasters found among the possibilities.
--
--henry schaffer
h...@ncsu.edu
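Henry's two-stack enumeration above, carried out in code and generalized to p positions, as an added example (not code from the paper or from anyone in this thread): given the per-position depths a pin map reveals and the change key, it counts how many master bittings remain consistent with no constraints at all, with Henry's "not advised" filter, and under the TPP convention Matt describes. The six-pin TMK and change-key bittings are constructed values, assumed for illustration only.

```python
from itertools import product


def pin_map_from_system(tmk, change_key):
    """Model the per-position pin map of a mastered lock.

    At each position the depths that operate the lock are the master cut and
    the change-key cut: a single depth where the position is held constant,
    two depths where it is progressed. Returns one set of depths per position.
    """
    if len(tmk) != len(change_key):
        raise ValueError("TMK and change key must have the same number of positions")
    return [{t, c} for t, c in zip(tmk, change_key)]


def candidate_masters(pin_map, change_key, tpp=False, require_shallower=False):
    """Enumerate master bittings consistent with a pin map and a change key.

    With no constraints this is Henry's enumeration: every combination of the
    revealed depths except the change key itself.
    tpp: apply the convention that the master differs from the change key at
         every progressed position (positions with more than one depth).
    require_shallower: Henry's 'not advised' filter; the master must be
         shallower (smaller number) than the change key in at least one
         position, so no change key can simply be filed down into it.
    """
    if len(pin_map) != len(change_key):
        raise ValueError("pin map and change key must have the same number of positions")
    change_key = tuple(change_key)
    found = []
    for cand in product(*[sorted(depths) for depths in pin_map]):
        if cand == change_key:
            continue  # that is the change key, not a master
        if tpp and any(c == k for c, k, d in zip(cand, change_key, pin_map) if len(d) > 1):
            continue
        if require_shallower and not any(c < k for c, k in zip(cand, change_key)):
            continue
        found.append(cand)
    return found


# Henry's two-stack example: depths {1,3} and {2,4}, change key 3,2.
HENRY_PIN_MAP = [{1, 3}, {2, 4}]
HENRY_CHANGE_KEY = (3, 2)

# Constructed six-pin systems (assumed values, not taken from the paper).
TPP_TMK = (2, 5, 1, 4, 3, 6)      # total position progression: the change
TPP_CHANGE = (4, 1, 5, 2, 6, 3)   # key differs from the master everywhere
RC_TMK = (2, 5, 1, 4, 3, 6)       # rotating constant: the first two
RC_CHANGE = (2, 5, 5, 2, 6, 3)    # positions are constant on this change key


def ambiguity_report(tmk, change_key):
    """Count consistent masters without constraints and under the TPP rule.

    Returns (unconstrained_count, tpp_count, tpp_result_is_exactly_the_tmk).
    """
    pin_map = pin_map_from_system(tmk, change_key)
    loose = candidate_masters(pin_map, change_key)
    tight = candidate_masters(pin_map, change_key, tpp=True)
    return len(loose), len(tight), tight == [tuple(tmk)]


if __name__ == "__main__":
    print("Henry, no constraints:", candidate_masters(HENRY_PIN_MAP, HENRY_CHANGE_KEY))
    print("Henry, not-advised filter:",
          candidate_masters(HENRY_PIN_MAP, HENRY_CHANGE_KEY, require_shallower=True))
    print("Henry, TPP convention:", candidate_masters(HENRY_PIN_MAP, HENRY_CHANGE_KEY, tpp=True))
    print("Six-pin TPP system (loose, tpp, is TMK):", ambiguity_report(TPP_TMK, TPP_CHANGE))
    print("Six-pin RC system  (loose, tpp, is TMK):", ambiguity_report(RC_TMK, RC_CHANGE))
```

Without a convention the pin map leaves 2^k - 1 candidates for k progressed positions, which is Henry's "huge number"; once the system is known to follow TPP or RC, the candidate set collapses to one, which is what Matt means by "always yields the TMK", and it is also why Chris's practice of putting a 0 or 1 cut on the master is a constraint rather than a fix.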

Matt Blaze
Jan 25, 2003, 9:34:35 PM
First of all, let me say I enjoyed your book very much; it's the most
comprehensive and accessible treatment of the subject I've read.

However, I'm a bit surprised that you'd choose to respond with an
ad hominem attack. You've speculated (inaccurately) about my motives
for writing the paper, and you have no way of knowing what I did and
didn't consider before I published it other than that I acted
differently than you might have under the circumstances.

But it doesn't really matter -- my motives are irrelevant. It could
just as easily have been a criminal that had written my paper, and
we'd all be in exactly the same place we are now.

There is considerable evidence that similar methods for master key
decoding have been discovered and rediscovered over the years, used
illicitly and passed along as folklore (several people have unearthed
Internet postings dating back as much as 15 years describing how to
make master keys). Curious college students -- and we can presume
professional burglars -- seem to have long been able to get their
hands on master keys to the places that interest them.

I'm surprised and a bit disturbed to learn that the locksmithing
profession has known about this and chosen to do nothing -- not even
warn its customers -- for over a century. The technique does not seem
to appear in open (or even closed) texts on locks and security; I had
to rediscover it for myself. Your book, for example, mentions the
conspiracy attack against TPP systems but does not cover the oracle
attack. One wishes this method had been documented somewhere in a way
that would have allowed the threat to be addressed and lock customers
to make informed decisions.

In addition to restricted keyways, as you know there are lock designs
that turn out to resist this threat, including master rings (which I
believe are still made for a few commercial applications) and
bicentric locks (the last model of which I believe was discontinued a
few years ago). While these designs are a bit more vulnerable to pin
decoding of the master by someone able to steal an installed lock, they
resist completely the adaptive oracle attack. It's a pity that
stronger alternative designs have been allowed to die a quiet death in
the marketplace while customers, ignorant of the risks, have spent a
hundred years investing in inferior systems.

Regards,

-matt

Glen Cooper
Jan 25, 2003, 11:08:39 PM
I snipped everything here because I've been checking out everything said so
far, and the next thing to (NOTHING) I've read is BBE saying people should
use restricted keyways.

Give me a break. A true locksmith will let the customer know a master key
is not good if a blank can be taken from Sears.

I use restricted blanks that you or the person off the street can't get.

I understand that these keyways have only been around for 35 years but ain't
that long enough?

DUH!

Glen


Peter
Jan 26, 2003, 2:22:11 AM
On 25 Jan 2003 21:34:35 -0500, Matt Blaze <m...@research.att.com>
wrote:

>First of all, let me say I enjoyed your book very much; it's the most


>comprehensive and accessible treatment of the subject I've read.
>
>However, I'm a bit surprised that you'd choose to respond with an
>ad hominem attack. You've speculated (inaccurately) about my motives
>for writing the paper, and you have no way of knowing what I did and
>didn't consider before I published it other than that I acted
>differently than you might have under the circumstances.
>

I wonder how your employer / sponsor (AT&T) would react to a paper
discussing how to obtain free long distance or payphone calls. This
may not be such a problem now, but Ma Bell would have been ripped off
badly in the days before computer control of telephone networks was
common.

It is also worth pointing out that many apartment dwellers are obliged
to have masterkeyed locks on their apartments - the cost of electronic
systems would be excessively burdensome. Surely they deserve to have
their security protected by responsible people 'in the know'
exercising discretion.

I am not a professional, but have a reasonably good understanding of
masterkeying. Despite that, I keep quiet about the sensitive areas of
masterkeying.

I used to manage a utility meter department, hence have some
understanding of power theft, but I do not spread around the methods.


Ralph A. Schmid, DK5RAS
Jan 26, 2003, 4:16:50 AM
"Coherers" <nos...@deathtoallspammers.com> wrote:

>As for the janitor, you are dead right. It is the human link in the chain
>that is usually the weakest with any system.

And exactly that is the point! I can only repeat my opinion:
pin-tumbler locks are outdated in terms of security; only locks with a
key design that prevents easy duplication (milled keys and such)
offer a kind of security, and only when every key can be tracked to its
owner at all times.

>Reverse-engineering the master like this is a genuine vulnerability. But
>just how much of a risk is it, when compared with the fact that raking a
>mastered lock is significantly easier anyway (IMHO) or, as you say, that the
>janitor may not be trustworthy?.

It is for example a risk when lazy employees start making their own
masters, just to reduce the number of carried keys, or to avoid having to
ask someone for the right key all the time. I have seen this, once in
an army installation, and in a university. This behaviour does not
affect the security in the first moment (if you trust your employees),
but now and then things start to happen like forgetting to lock
important doors, allowing access to people who should not have it... the
security gets compromised in a slow way, and in the worst case no one
cares.

Ralph A. Schmid, DK5RAS
Jan 26, 2003, 9:54:17 AM
"Billy B. Edwards Jr." <bedw...@thelockman.com> wrote:

>Had you been more connected to the lock industry you would know that the
>technique is virtually unknown outside the industry. You can check
>right here among the most knowledgeable amateur to verify that. From
>the remarks here and some of your own, the depth of the danger involved
>in widely distributing this technique hasn't been grasped yet, and
>hopefully won't be any time soon. I certainly won't elaborate here to
>compound the damage potential.

If one only has basic knowledge of how MK works and puts one and one
together, then he knows this anyway. Just with some thinking about the
inner workings of masterkeyed locks I learned how to make my own
master at the age of 15 or so, and I do not think I have any special
skills in mechanics. Even without having ever opened a pin tumbler
lock I was able to assume how it works, and I was able to assume how
masterkeying works, just in theory, because there was only one
possible way it could work. Later I found out I was right.

>There is only one mechanical lock alternative to prevent this method of
>attack and that is the use of patent protected keys with controlled
>distribution. The problem is that it isn't physically possible to
>produce enough of those to replace the non-protected locks in place on
>an immediate basis, in fact it may not be possible to produce
>replacements within a couple of years. The high security industry has
>been running at near capacity since it started in the US in 1968 and is
>no where near replacing a majority of older non-protected locks and keys
>and is already starting on its third generation.

But this exploit was well known for decades, without any attempts to
raise the security. Now the word is out, and something must be done
after everybody kept their eyes closed...

>My 2¢
>BBE.

Ralph A. Schmid, DK5RAS
Jan 26, 2003, 10:08:26 AM
peterwn...@paradise.net.nz (Peter) wrote:

>Interestingly, the 'bi-lock' www.bilock.com could be the most
>tricky to compromise in this manner. Not only is key duplication or
>alteration tricky, the correct key (or picking) is required to
>'cleanly' dismantle the cylinder (there is a special retaining clip).
>Not to mention that a larger supply of blanks would be required than
>normal (12 tumblers with 4 levels ).

Nothing special, not very new, and not really much more secure than
normal pin-tumbler locks. DOM Diamant, Keso 2000, EVVA MCS or EVVA 3KS
- have a look at these to find out where high security starts.

Coherers
Jan 26, 2003, 1:39:23 PM

"Henry E Schaffer" <h...@hes01.unity.ncsu.edu> wrote in message
news:b0vb6k$1el$1...@hes01.unity.ncsu.edu...

> A very simple example - two pin stacks have a master pin in them,
> giving two cuts in them. 1, 3 in one, 2, 4 in the other. The change
> key has cuts 3,2. What cuts does the master have - There are 4 sets:
> 1,2; 1,4; 3,2; 3,4 Evaluating them:
>
> 1,2 possible
> 1,4 possible
> 3,2 not possible - this is the change key
> 3,4 possible, but bad practice (not advised) because no "higher" cuts
>
> I don't think it is possible to say what is the TMK without adding in
> additional constraints to eliminate "possible" cut combinations. I
> think that other posts have alluded to this by pointing out that there
> can be various ghost keys or submasters found among the possibilities.

Henry,

The basic assumption of the paper is that the attacker must have access to a
key and lock.
Given this he knows in your example from the key in his possession that the
change cuts in "his" lock are 3,2

By cutting blanks as described in the paper, he will find the cuts for each
pin as follows:

Pin 1 : 1 and 3 - but he knows 3 is the change position from his lock => 1
is the master cut
Pin 2: 2 and 4 - but he knows 2 is the change position from his lock => 4
is the master cut

Thus the master must be 1,4.

(This is for TPP - for RC, then absence of a second cut gives him what he
needs)

It is only where multiple mastering is used that the cuts found using the
technique become ambiguous, but a "master" generated will at least open
every lock at the same level of mastering as "his" lock.

"Coherers"


S. Berg
Jan 26, 2003, 2:05:45 PM
Wow! One of the best threads I've seen here in a while. And no cross
posting to some bizarre Linux group.

First, as a software professional I want to reinforce the earlier comment
about the cultural difference between locksmiths and computer security
people. Computer people invite public review. Newly found flaws in a
technique are often broadcast very quickly. Patches to fix the problems are
spread equally quickly and the game starts over. However, another important
security concept is layering. If one measure is compromised, you have
another to fall back on. I claim that secrecy serves as a layer and thus
has a place.

Second, locks have evolved like any other device. Remember when wafer locks
were introduced? They became popular because they were inexpensive, not
because they were foolproof. I can recall seeing an article written in the
1960's about how round key locks were "pick proof", right up until someone
figured out that you needed a different kind of pick.

Finally, how many of those fancy electronic locks still open with the
factory preset (1-3-7-9 or some such)? There is always a way in and it
often has more to do with bad policies and people management than technical
problems.

In the bigger scheme, I don't think this paper is really going to be more
than a bump in the road for traditional mechanical locks.

Scott


Jim Billings
Jan 26, 2003, 2:32:25 PM
Most locksmiths will let the customer know that there is less security in a
master key system when they ask for one. We do not go into nearly as much
detail as your article does, though, such that they could figure out how to
get into someone else's system.

Jim Billings

"Matt Blaze" <m...@research.att.com> wrote in message
news:b0vhfr$j...@dynasty.cs.columbia.edu...

Coherers
Jan 26, 2003, 3:10:35 PM
> And exactly that is the point! I just can repeat my opinion,
> pin-tumbler locks are outdated by means of security, only locks with a
> key design which prevents easy duplication (milled keys and such)
> offers a kind of security; but only when every key can be tracked all
> the time to its owner.

I assume that most high security installations presumably use such systems
already (or should). If they use mastering, then someone needs to be
firing/re-educating.

But it is the cost-benefit equation at work here. If high security systems
were available at a low cost, then I am sure they would be used more often.
However, pin tumbler devices appear to provide enough security for most
applications. Most burglaries use brute force even when the lock protecting
the property is totally inadequate. And inside jobs have (some) access
already. Generally speaking, the lock is not the weak point. If
picking/impressioning/reverse engineering etc. become more of a problem,
then I am sure users will invest in more expensive, higher security systems.
But they don't because they can get better value for money for their
security dollar by spending it elsewhere.

> It is for example a risk when lazy employees start making their own
> masters, just to reduce the number of carried keys, or to avoid having to
> ask someone for the right key all the time. I have seen this, once in
> an army installation, and in a university. This behaviour does not
> affect the security in the first moment (if you trust your employees),
> but now and then things start to happen like forgetting to lock
> important doors, allowing access to people who should not have it... the
> security gets compromised in a slow way, and in the worst case no one
> cares.
>

Would such an employee really be bothered to go to the effort, given that he
is lazy?

But seriously, point taken. Clearly the vulnerability does result in risks.
My point is simply that most of them are less likely when compared with more
obvious ones (e.g. in the case of mastered locks the increased risk of
picking). That is not to say they should be ignored, or that they are
not serious in some environments. I just suggest that there is always a
balance to be struck between cost, convenience and security, taking into
account the consequences of any breach.


"Coherers"


Peter
Jan 26, 2003, 3:42:54 PM
On Sun, 26 Jan 2003 15:54:17 +0100, "Ralph A. Schmid, DK5RAS"
<nos...@radio-link.net> wrote:


>
>If one only has basic knowledge of how MK works and puts one and one
>together, then he knows this anyway. Just with some thinking about the
>inner workings in masterkeyed locks I learned how to make my own
>master in the age of 15 or so, and I do not think I have any special
>skills in mechanics.

Fortunately people who can figure this out go on to well paying jobs
such as locksmiths, brain surgeons etc and have no need to make
illegal masterkeys to engage in crime.

Masterkey systems in universities etc would seem to be the most
vulnerable as there are many bright but immature minds there.

Incidentally 'bicentric' cylinders (those with two 'or' plugs) are not
immune from attack as someone could impression a key for the 'master'
plug. 'Master ring' cylinders are presumably less vulnerable as
impressioning results may be difficult to interpret. However these
seem to be heading into history.

Peter
Jan 26, 2003, 3:47:20 PM
On Sun, 26 Jan 2003 16:08:26 +0100, "Ralph A. Schmid, DK5RAS"
<nos...@radio-link.net> wrote:


>
>Nothing special, not very new, and not really much more secure than
>normal pin-tumbler locks. DOM Diamant, Keso 2000, EVVA MCS or EVVA 3KS
>- have a look at these to find out where high security starts.
>

Good point, but can these cylinders be as easily dismantled as an
ordinary pin tumbler cylinder?

Billy B. Edwards Jr.
Jan 26, 2003, 3:46:38 PM
Matt Blaze wrote:
>
> First of all, let me say I enjoyed your book very much; it's the most
> comprehensive and accessible treatment of the subject I've read.
>
> However, I'm a bit surprised that you'd choose to respond with an
> ad hominem attack. You've speculated (inaccurately) about my motives
> for writing the paper, and you have no way of knowing what I did and
> didn't consider before I published it other than that I acted
> differently than you might have under the circumstances.
>
> But it doesn't really matter -- my motives are irrelevant. It could
> just as easily have been a criminal that had written my paper, and
> we'd all be in exactly the same place we are now.

You made the publication, why would you be surprised that I would
chastise 'to the man' at fault? The reason for publishing is
rationalization on your part. So your position is that someone had to
do it and it may as well be you? Looks like we have different ethics.



> There is considerable evidence that similar methods for master key
> decoding have been discovered and rediscovered over the years, used
> illicitly and passed along as folklore (several people have unearthed
> Internet postings dating back as much as 15 years describing how to
> make master keys). Curious college students -- and we can presume
> professional burglars -- seem to have long been able to get their
> hands on master keys to the places that interest them.
>
> I'm surprised and a bit disturbed to learn that the locksmithing
> profession has known about this and chosen to do nothing -- not even
> warn its customers -- for over a century.

What a disconnect. I don't believe I've ever seen a master keying
document that didn't proclaim that MK'ing is a compromise of security,
from the number of keys that can operate the cylinder to the danger of a
MK in the wrong hands. Promotion of restricted keys in such systems has
been a staple of our trade for more than a century. We know that this
attack and many others just aren't possible when the blanks aren't
available.

> The technique does not seem
> to appear in open (or even closed) texts on locks and security; I had
> to rediscover it for myself. Your book, for example, mentions the
> conspiracy attack against TPP systems but does not cover the oracle
> attack. One wishes this method had been documented somewhere in a way
> that would have allowed the threat to be addressed and lock customers
> to make informed decisions.

My book and the other texts written in the trade are for locksmiths and
intended to instruct in methods to reestablish or maintain a degree of
integrity and security in existing systems. There is no reason for us
to write a text describing this form of attack since we don't write for
the consumption of those wishing to reduce the security effect.

There are people in the world who will use what you have published to
the detriment of the rest of society. It is my considered opinion that
you are on the wrong side of the fence with this one.
BBE.

todd
Jan 26, 2003, 6:49:16 PM
Well, I assume Matt's bosses are easily impressed; it is obvious that most
of his research was done on the internet, as he recites lawyers as lock
experts, and fails to mention IC cores. See how easy it is to criticize?
His rationale of disclosing flaws in a system that is unknown to the
masses as helping the industry is strictly B.S. What does he want to
disclose next? Possibly our national security plans to the Taliban?
There has long been a saying, "loose lips sink ships", basically saying you
don't have to blab everything you know. Everywhere in life you will
find flaws, but instead of publishing the flaw for everybody to exploit,
why not just publish a fix? Possibly your research didn't go that far?
Now your challenge is clear: fix the problem you exposed; it's in your
hands.
For the good of security,
Todd

Coherers
Jan 26, 2003, 6:56:18 PM

"Billy B. Edwards Jr." <bedw...@thelockman.com> wrote

> You made the publication, why would you be surprised that I would
> chastise 'to the man' at fault? The reason for publishing is
> rationalization on your part. So your position is that someone had to
> do it and it may as well be you? Looks like we have different ethics.

To question Mr. Blaze's ethics in this matter is not justified. The FAQ for
this group discusses the differing philosophies, and the open approach is
also well accepted as beneficial in other parts of the security industry.

>
>
> What a disconnect. I don't believe I've ever seen a master keying
> document that didn't proclaim that MK'ing is a compromise of security,
> from the number of keys that can operate the cylinder to the danger of a
> MK in the wrong hands.

I would say that this vulnerability is somewhat more serious than the widely
known limitations with mastering, even if it is not as critical as one might
think on first reading. If this particular issue has indeed been sat on for
as long as you say, then the lock manufacturing industry **might** well be
deserving of any class actions against it by the organisations faced with
the huge costs of replacing systems. Systems that are not only less secure
than they have been led to believe, but more importantly, were known to be
so by the manufacturers when sold to the customer. Just a thought.

I am sure smart criminals who have read a few books have worked this out
before now, and exploited it. I worked out the details from just the NYT
article in all of ten seconds (locksmithing is not my specialism), so I
cannot believe that a determined and well-read criminal could not have
determined the solution from scratch. Anecdotal evidence suggests that
college students have done just that in the past.

What is concerning about this vulnerability is that it is not a well
concealed secret - it is capable of being deduced by anyone who reads and
understands the literature already in the public domain. This sort of
vulnerability needs to be distinguished from those which could be said to be
incapable of being deduced, e.g. as is often the case where the operation of
the system is totally hidden and undocumented. This is a critical
distinction. There is a case for not publicising the limitations of the
latter, but I remain unconvinced by arguments for "covering up" the former,
especially if, as you suggest, the manufacturers have allowed their
customers to remain exposed throughout an extended period and have made no
effort to phase in superior systems.

As I have said in other posts, I believe that obscuration can make a
system more secure, but it should not be used as a substitute for security.


Coherers


Coherers
Jan 26, 2003, 7:29:09 PM

"S. Berg" <ne...@scottberg.com> wrote in message
news:v38cgmd...@corp.supernews.com...

> Wow! One of the best threads I've seen here in a while. And no cross
> posting to some bizarre Linux group.

If this has interested you, there is another good thread on this issue on
alt.security.alarms


Coherers
Jan 26, 2003, 7:45:27 PM

"h_ammer" <to...@accesstoledo.com> wrote in message
news:s1u83v80s2pqbbkah...@4ax.com...
> >
> getting all bent outa' shape over that POS article?
Nope. Never use MK myself ( see below)
> <LMFAO>
Painful
> all garbage...
> The real people know what's up!
Yes, yes, I know. That MK is FU (still)


Billy B. Edwards Jr.
Jan 26, 2003, 8:09:21 PM
Coherers wrote:
>
> To question Mr. Blaze's ethics in this matter is not justified.

You need to comprehend what you read. I did not question his ethics. I
stated what they appear to be with a question. Then I made the
rhetorical statement that our ethics are different.

<snip>

> If this particular issue has indeed been sat on for
> as long as you say, then the lock manufacturing industry **might**
> well be deserving of any class actions against it by the organisations
> faced with the huge costs of replacing systems. Systems that are not
> only less secure than they have been led to believe, but more
> importantly, were known to be so by the manufacturers when sold to the
> customer. Just a thought.

The first scientifically generated MK system was offered by Yale in
1889. Shortly thereafter they offered patented keyways for Mk'ing.
Every manufacturer has restricted keys that they offer for MK'ing. It
is the user who chooses to not use them and typically based only on
price.

Check around BTW, you will find that most manufacturers offer patented
or higher security systems today as a matter of course.
BBE.

"Keyman"
Jan 26, 2003, 9:31:40 PM
"S. Berg" <ne...@scottberg.com> wrote in message
news:v38cgmd...@corp.supernews.com...
----snip----

> In the bigger scheme, I don't think this paper is really going to be more
> than a bump in the road for traditional mechanical locks.
>
> Scott

I agree 100% Scott.
ya hit the nail right on the head !

--
"Keyman"


Ralph A. Schmid, DK5RAS
Jan 27, 2003, 12:05:48 AM
peterwn...@paradise.net.nz (Peter) wrote:

Some of them can be disassembled when a key is available, but even
then it is not easier to make a key just with a file :) You find out
how the bitting of the master may be, but still no way to file a key
from this knowledge...

Peter
Jan 27, 2003, 3:40:11 AM
On Sun, 26 Jan 2003 19:09:21 -0600, "Billy B. Edwards Jr."
<bedw...@thelockman.com> wrote:


>
>The first scientifically generated MK system was offered by Yale in
>1889.

Did Yale use 5 pin or 6 pin cylinders initially for this masterkeying
and later with multiplex keyways?

Billy B. Edwards Jr.
Jan 27, 2003, 7:19:43 AM
The first system record was gone when I got there but examination of old
catalogs showed that the 1889 catalog was offering a 5 pin system that
used a '4 in 5' Rotating Constant pattern. Some time later they
patented the G series multiplex and offered 6 pin systems.
BBE.

Coherers
Jan 27, 2003, 1:26:35 PM
I can only interpret what is written.

> You made the publication, why would you be surprised that I would
> chastise 'to the man' at fault? The reason for publishing is
> rationalization on your part. So your position is that someone had to
> do it and it may as well be you? Looks like we have different ethics.

To most neutral readers this suggests that you consider his reasons for
publication to be less than honourable.

And when coupled with

>Your publication of the technique was .....self serving...

I think most reasonable people would consider this a criticism of the
author's ethics. If this is not the case, then I am sorry, but I think you
will find a large proportion of people would have read it the same way.


> The first scientifically generated MK system was offered by Yale in
> 1889. Shortly thereafter they offered patented keyways for Mk'ing.
> Every manufacturer has restricted keys that they offer for MK'ing. It
> is the user who chooses to not use them and typically based only on
> price.
>
> Check around BTW, you will find that most manufacturers offer patented
> or higher security systems today as a matter of course.

Most of the readers of this group are well aware of the availability of
higher security systems.
The issue is not what is available, but that the customer needs to know what
he is getting in order to be able to make an informed decision on which
system to install.
In the majority of cases (e.g. hotels, and educational establishments), I
suspect the added risk posed would not justify the additional cost. However,
in certain installations and circumstances, this vulnerability poses a
serious additional risk, such that if the issue had been known about at the
time of installation, it would have resulted in different product selection.
Those responsible for ensuring the security in those situations need to know
what the limitations are if they are going to make the correct purchasing
decision.

Coherers


allan
Jan 27, 2003, 4:49:08 PM
Right you are. Next we will read an article about how easy it really is to pick
open cheap locks! Even the author could pick open most grand masterkeyed
cylinders. As soon as the public wants better locks they'll buy better locks, but
I won't hold my breath.
Allan

Henry E Schaffer
Jan 27, 2003, 10:29:06 PM
In article <vXVY9.838$Ds7.6...@news-text.cableinet.net>,
Coherers <nos...@deathtoallspammers.com> wrote:
>"Henry E Schaffer" <h...@hes01.unity.ncsu.edu> wrote in message
>news:b0vb6k$1el$1...@hes01.unity.ncsu.edu...
>> A very simple example - two pin stacks have a master pin in them,
>> giving two cuts in them. 1, 3 in one, 2, 4 in the other. The change
>> key has cuts 3,2. What cuts does the master have - There are 4 sets:
>> 1,2; 1,4; 3,2; 3,4 Evaluating them:
>>
>> 1,2 possible
>> 1,4 possible
>> 3,2 not possible - this is the change key
>> 3,4 possible, but bad practice (not advised) because no "higher" cuts
>>
>> I don't think it is possible to say what is the TMK without adding in
>> additional constraints to eliminate "possible" cut combinations. I
>> think that other posts have alluded to this by pointing out that there
>> can be various ghost keys or submasters found among the possibilities.
>
>Henry,
>
>The basic assumption of the paper is that the attacker must have access to a
>key and lock.
>Given this he knows in your example from the key in his possession that the
>change cuts in "his" lock are 3,2

Right - this is exactly what I stated.

>By cutting blanks as described in the paper, he will find the cuts for each
>pin as follows:
>
>Pin 1 : 1 and 3 - but he knows 3 is the change position from his lock => 1
>is the master cut

Why must 1 be the cut for the TMK? Why can't the TMK and the change
key *both* have a 3? (I state above that this would lead to a bad TMK
combination of cuts - but that could be "cured" at a different position
- so that can't totally eliminate this cut.)

>Pin 2: 2 and 4 - but he knows 2 is the change position from his lock => 4
>is the master cut

Why must 4 be the master cut?

>Thus the master must be 1,4.
>
>(This is for TPP - for RC, then absence of a second cut gives him what he
>needs)

Oh - so you are "adding constraints". Note that I specifically said

>> I don't think it is possible to say what is the TMK without adding in
>> additional constraints to eliminate "possible" cut combinations.

and I'd appreciate any counterexamples. However, you are adding these
additional constraints, and only then are you able to unambiguously
determine the TMK.

>It is only where multiple mastering is used, that the cuts found using the
>technique become ambiguous, but a "master" generated will at least open
>every lock at the same level of mastering as "his" lock

I'm not sure that this is correct, at least without additional
constraints. The "master" generated just might be a "ghost" which
doesn't appear any place else in the system.
--
--henry schaffer
h...@ncsu.edu

Henry E Schaffer
Jan 28, 2003, 2:30:50 PM
Risks Digest 22.51 and 22.52 (found in the comp.risks newsgroup) have a
number of submissions on this topic. I found them interesting.
--
--henry schaffer
h...@ncsu.edu

Coherers
Jan 28, 2003, 7:09:12 PM

> >Pin 1 : 1 and 3 - but he knows 3 is the change position from his lock => 1
> >is the master cut
>
> Why must 1 be the cut for the TMK? Why can't the TMK and the change
> key *both* have a 3? (I state above that this would lead to a bad TMK
> combination of cuts - but that could be "cured" at a different position
> - so that can't totally eliminate this cut.)

Both the master and the change can share the cut at 3. But in this example,
the cut at 1 would then be a dummy cut (as opposed to a ghost cut), and
serve no purpose other than increase the risk of cross-keying and picking.
So good practice would dictate you wouldn't put it there. Thus, in a normal
installation, the only cut found by the technique would be the one at 3, so
you can deduce this is the master cut for position one. Hence in that case,
a master of 3,4.

Personally, I am *not* convinced that this technique automatically gives you
the TMK, as I have stated elsewhere in this thread. Only that it will yield
the master for that level or a ghost that nonetheless opens locks at the
same level. However, where a single level of mastering was being employed
(as in your example) it works and will give you the TMK.

>
> >Pin 2: 2 and 4 - but he knows 2 is the change position from his lock => 4
> >is the master cut
>
> Why must 4 be the master cut?

Same reasons as for position one

> >Thus the master must be 1,4.
> >
> >(This is for TPP - for RC, then absence of a second cut gives him what he
> >needs)
>
> Oh - so you are "adding constraints". Note that I specifically said
> >> I don't think it is possible to say what is the TMK without adding in
> >> additional constraints to eliminate "possible" cut combinations.

I am not adding any constraint not already in the paper. If it is RC, then
the technique is still effective at exposing the master cut.

>
> and I'd appreciate any counterexamples. However you adding these

I could try to extend your example to illustrate if required

> additional constraints and only then are you able to unambigously
> determine the TMK.

See my comment above

>
> >It is only where multiple mastering is used, that the cuts found using the
> >technique become ambiguous, but a "master" generated will at least open
> >every lock at the same level of mastering as "his" lock
>
> I'm not sure that this is correct, at least without additional
> constraints. The "master" generated just might be a "ghost" which
> doesn't appear any place else in the system.

The reason I put the word "master" in quotes above was because the key
resulting may well be a ghost - but it will nonetheless open all locks at
the same level because the method only reveals cuts that belong to one
master level or another *above* that of the key in the attacker's possession.

I won't contest your point on complications of non-TPP/RC mechanisms, as I
am not well acquainted enough with them to judge. I'd be interested to know
more about them. I did not get the idea from the paper that he is suggesting
that all mastered installations were vulnerable (systems like EVVA MCS are
clearly immune, as are purely mechanical systems like master ring etc.)
As the author says, complications arise if non-standard bittings are used,
and also when dummy cuts are introduced. The author does not give the number
of sites he experimented on, which is a pity. But 100% of those tested (at
least four) were vulnerable, it appears.
That has got to be a concern for the industry. If there is still doubt, then
perhaps someone should try to replicate his results.

Coherers
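To make the disagreement between Henry and Coherers concrete (whether the decoded cuts leave the TMK ambiguous among ghost keys, and what the single-level TPP deduction assumes), here is a small model of the cylinder combinatorics. It is an added example, not code from the paper or from anyone in the thread; it assumes the thread's own single-level TPP/RC model (each chamber is the set of key depths at which it shears: two depths with one master pin, one depth without), and the pin stacks and change keys in it are constructed sample values.

```python
from itertools import product

# Constructed model of one masterkeyed pin-tumbler cylinder: each chamber is
# the set of key depths at which that pin stack has a shear line. A chamber
# with one master pin has two depths; a chamber with no master pin (as in a
# Rotating Constant, RC, system) has exactly one. Henry's example: chamber 1
# shears at {1, 3}, chamber 2 at {2, 4}, and the change key in hand is (3, 2).
HENRY_STACKS = [{1, 3}, {2, 4}]
HENRY_CHANGE = (3, 2)


def keys_that_open(stacks):
    """Every bitting that operates this cylinder: one depth per chamber, in
    every combination. The set contains the change key, the master, and all
    the 'ghost' keys that work this lock but were never issued to anyone."""
    return set(product(*[sorted(s) for s in stacks]))


def ghost_count(stacks):
    """How many unissued bittings open the lock besides the change key and
    the master. This is the security cost of mastering that the trade texts
    warn about: a 6-chamber lock with a master pin in every chamber is opened
    by 2**6 = 64 bittings, 62 of them ghosts."""
    return len(keys_that_open(stacks)) - 2


def candidate_masters(stacks, change_key):
    """Henry's point: once the shear depths of a lock are known, every key
    that opens it and is not the change key in hand is a candidate master."""
    opening = keys_that_open(stacks)
    if tuple(change_key) not in opening:
        raise ValueError("change key must operate its own lock")
    return opening - {tuple(change_key)}


def tpp_master(stacks, change_key):
    """Coherers' deduction for a properly built single-level TPP system: no
    dummy cuts, so each chamber holds exactly one depth besides the change
    cut, and that depth is the master cut. Returns None when some chamber
    breaks the assumption (a dummy cut or a second master level), because
    the master is then genuinely ambiguous."""
    master = []
    for depths, change_cut in zip(stacks, change_key):
        others = set(depths) - {change_cut}
        if len(others) != 1:
            return None
        master.append(others.pop())
    return tuple(master)


def shared_masters(locks):
    """A key that opens only the lock it was decoded from is a ghost; the
    true master is the bitting common to every lock in the system. `locks`
    is a list of (stacks, change_key) pairs from the same system."""
    common = None
    for stacks, change_key in locks:
        cands = candidate_masters(stacks, change_key)
        common = cands if common is None else common & cands
    return common


if __name__ == "__main__":
    print("bittings that open Henry's lock:", sorted(keys_that_open(HENRY_STACKS)))
    print("candidate masters:", sorted(candidate_masters(HENRY_STACKS, HENRY_CHANGE)))
    print("TPP deduction:", tpp_master(HENRY_STACKS, HENRY_CHANGE))
    # A second constructed lock in the same system: master (1, 4), change (5, 6).
    other = ([{1, 5}, {4, 6}], (5, 6))
    print("master shared by both locks:",
          shared_masters([(HENRY_STACKS, HENRY_CHANGE), other]))
```

With Henry's two-chamber lock there are three candidates, and only the "no dummy cut" assumption or a second lock from the same system narrows them to (1, 4); ghost_count is the figure a customer weighing the convenience of mastering against its extra risk should be told.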
