Hi Hadmut,

Welcome to the world of total stupidity. I was in the hardware
store the other day and looked at those cheap luggage locks and
thought about how thieves might be able to utilize the weakness
of the system to rip off people, but then..., well I looked at
the Master brand, generally a good brand, and a couple of other
combination lock brands in the $30 to $45 USD range where you can
set the combination to whatever you want. Guess what? They all
seemed to use the same key to enable setting the combination.
Now, granted, you have to open the lock first then you use the
key to release the cylinders to set the combination, but it seems
to me that with a little work one could figure out how to bypass
the security mechanism to open the lock quickly.

Then, too, there are some great lock picking sites on the net
that will teach you how to pick even so-called security locks.
Much like DES slowed people down until they developed the
technology to overcome the encryption, locks are only as good as
the lack of knowledge that the average crook has.

Look up the Kryptonite motorcycle lock that was about $65 USD and
a kid in a bike shop figured out how to hack the lock with a
$0.19 USD BIC Pen. Lock had been made and sold for twenty plus
years with the same weakness in design.
That was truly a zero day exploit.

Oh, and another story for you on failure in design. We are
thinking of re-financing our house. The mortgage company keeps
all the personally identifiable data in encrypted form in their
offices, but when they send me the quote it's in plain text in an
e-mail!

Thinking through all aspects of the design and application of a
security model is mostly lacking as far as I can tell.

Best,
Allen

Hadmut Danisch wrote:

Hi,

has this been mentioned here before?

I just had my crypto nightmare experience.

I was in a (German!) outdoor shop to complete my equipment
for my next trip, when I came to the rack with luggage padlocks
(used to lock the zippers).

While the German brand locks were as usual, all the US brand locks
had a sticker
"Can be opened and re-locked by US luggage inspectors".

Each of these (three digit code) locks had a small keyhole for the
master key to open. Obviously there are different key types
(different size, shape, brand) as the locks had numbers like "TSA005"
to tell the officer which key to use to open that lock.

Never seen anything in real world which is such a precise analogon of
a crypto backdoor for governmental access.

Ironically, they advertise it as a big advantage and important feature,
since it allows to arrive with the lock intact and in place instead of
cut off.

This is the point where I decided to have nightmares from now on.

regards
Hadmut
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]