Hi Hadmut,

Welcome to the world of total stupidity. I was in the hardware store the other day and looked at those cheap luggage locks and thought about how thieves might be able to utilize the weakness of the system to rip off people, but then..., well I looked at the Master brand, generally a good brand, and a couple of other combination lock brands in the $30 to $45 USD range where you can set the combination to whatever you want. Guess what? They all seemed to use the same key to enable setting the combination. Now, granted, you have to open the lock first then you use the key to release the cylinders to set the combination, but it seems to me that with a little work one could figure out how to bypass the security mechanism to open the lock quickly.

Then, too, there are some great lock picking sites on the net that will teach you how to pick even so-called security locks.

Much like DES slowed people down until they developed the technology to overcome the encryption, locks are only as good as the lack of knowledge that the average crook has.

Look up the Kryptonite motorcycle lock that was about $65 USD and a kid in a bike shop figured out how to hack the lock with a $0.19 USD BIC Pen. Lock had been made and sold for twenty plus years with the same weakness in design.

That was truly a zero day exploit.

Oh, and another story for you on failure in design. We are thinking of re-financing our house. The mortgage company keeps all the personally identifiable data in encrypted form in their offices, but when they send me the quote it's in plain text in an e-mail!

Thinking through all aspects of the design and application of a security model is mostly lacking as far as I can tell.



Hadmut Danisch wrote:

has this been mentioned here before?

I just had my crypto nightmare experience.

I was in a (German!) outdoor shop to complete my equipment for my next trip, when I came to the rack with luggage padlocks (used to lock the zippers). While the German brand locks were as usual, all the US brand locks had a sticker "Can be opened and re-locked by US luggage inspectors". Each of these (three digit code) locks had a small keyhole for the master key to open. Obviously there are different key types (different size, shape, brand) as the locks had numbers like "TSA005" to tell the officer which key to use to open that lock.

Never seen anything in real world which is such a precise analogon of a crypto backdoor for governmental access.

Ironically, they advertise it as a big advantage and important feature, since it allows to arrive with the lock intact and in place instead of cut off.

This is the point where I decided to have nightmares from now on.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
