begin quoting Ralph Shumaker as of Wed, Mar 22, 2006 at 09:50:47AM -0800: > Stewart Stremler wrote: [snip] > >Oh, I'm not saying that they aren't _good_. > > > >And the company trusts that the lock is good up to $10k. So if you have > >have stuff to store that's worth[1] less than $10k, that sort of lock would > >be *great*. > > That $10k is not insurance. It is offerred only as incentive to entice > someone to try to show them how to defeat their lock without destroying it.
I was thinking more along the lines of economics, and relative payoffs. > I am a locksmith and understand how it works. Don't the locksmiths get pissed off at the crypto guys, swanking around with their abstract mathematical approach? > Understanding how a lock > works is an important part in figuring out how to defeat it. You push up on _those_ pins and not on _these_ pins, and then turn. The number of pins and the number of levels that they need to be pushed up determines the number of possible keys. The more levels, the higher the tolerances, etc. etc. 6 pins by 3 levels is only 6^3... 216 keys[1]. How many pins and levels in a Medco lock? Or is it not a pin-tumbler (what I think of when I think of a pickable lock) lock? > But every > locksmith I know who understands how the Medeco works knows this: The > only feasable way of defeating a Medeco is by destroying it. If a > person must leave the lock intact (maybe to obscure his security > breach), then destroying it is not an option. I really get uncomfortable with assertions involving "only feasible" that aren't based in mathematics. Generally, the way through a difficult patch is to come at the problem sideways... > There are other ways to defeat a lock without picking. Picking was chosen as applicable to crytpography... "guessing the key" is analogous to picking a lock. > But none of them > work on a Medeco. Destroying it is the only way to defeat it. (This is > according to all the locksmiths I know. And in regard to defeating > locks, there is very little (if anything) known by thieves that is not > known by experienced locksmiths.) I should think that sort of assertion would be difficult to determine. :) [snip] > True. But as I stated above, there is little (if anything) known (about > defeating locks) by thieves that is not known by locksmiths. And I > guarantee you that if there is a locksmith who knows how to defeat a > Medeco without destroying it, he *will* cash in on that reward. Locksmiths don't make a lot of money? > (I'm > assuming that all locksmiths are honest and reputable.) There's the answer to our political problems! Locksmiths in office, and cabbies on their cabinets! :) [chop - economic tradeoffs] > Knowing what I know about the Medeco lock, this sounds more like a > conspiracy theory built up on nothing more than fear and lack of > knowledge about the facts that say it's not possible. Oh, blow it out your ear. If there's a consipracy theory, it's that all locksmiths are honest, honorable, intelligent, handsome, and know more than anyone else. > The Medeco lock /may/ have a vulnerability since most things do. But > short of its destruction, I am currently unaware of *any* way to defeat > it. In (very) limited settings, there are ways around it, but none > through it. They said that the round-key locks were "virtually unpickable" until some wag used a bic pen. /me looks around http://www.snopes.com/crime/warnings/kryptonite.asp Gotta love those "Whoops!" moments. [1] some of these keys would be immediately rejected, so in practice, the real choice of keys would be smaller for this style of lock. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
