at Thursday, January 23, 2003 7:38 PM, hellNbak <[EMAIL PROTECTED]> was seen to say: > So yes, this was security through obscurity. Without public > disclosure there would be little motivation for lock companies to > retool and create better locks. And TBH there still is little incentive for them to do so. More secure locks *are* available that aren't susceptable to this particular attack - but which are susceptable to other attacks (I am told that an experienced locksmith or lockpick can use the same "probe" technique used to pick the lock, but estimate quite closely the multiple "catch" positions for the pins by the amount they must lift the pin in order for it to lock into position. plus of course almost any lock can be disassembled and the pin positions measured) While good crypto costs no more than bad, really secure cylinder locks *do* have a higher production cost, are more likely to jam, and often are physically larger.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
