Stewart Stremler wrote:
begin quoting Ralph Shumaker as of Wed, Mar 22, 2006 at 09:50:47AM -0800:
Stewart Stremler wrote:
[snip]
Oh, I'm not saying that they aren't _good_.
And the company trusts that the lock is good up to $10k. So if you
have stuff to store that's worth[1] less than $10k, that sort of lock would
be *great*.
That $10k is not insurance. It is offered only as an incentive to entice
someone to try to show them how to defeat their lock without destroying it.
I was thinking more along the lines of economics, and relative payoffs.
I am a locksmith and understand how it works.
Don't the locksmiths get pissed off at the crypto guys, swanking
around with their abstract mathematical approach?
Understanding how a lock
works is an important part in figuring out how to defeat it.
You push up on _those_ pins and not on _these_ pins, and then turn.
The number of pins and the number of levels that they need to be pushed
up determines the number of possible keys. The more levels, the higher
the tolerances, etc. etc.
6 pins by 3 levels is only 6^3... 216 keys[1]. How many pins and levels
in a Medeco lock? Or is it not a pin-tumbler (what I think of when
I think of a pickable lock) lock?
Umm, given your example, that's *not* 6*6*6 but rather 3*3*3*3*3*3 (729).
In most locks (but not all), there are a number of uncuttable
combinations, maybe around 10% to 20% or so.
A Kwikset has uncuttables but typically has 5 pins at 6 levels. If you
cut the keys a certain way and use a certain type of pin, you can make a
Kwikset have *no* uncuttables. (But copies may not be reliable unless
your duplicator is good and calibrated.)
A Schlage typically has 5 pins (or more) at 10 levels. (There's no
finagling the uncuttables on this one.)
A Medeco typically has 6 pins (or more) at 10 levels with 3 possible
angles each, and each of those can be on the leading edge or the trailing
edge (((10 levels * 3 angles * 2 edges)^6 pins) * 80% cuttable = 37,324,800,000
keys (each keyway)). And on top of all this, the Medeco has a feature
called a sidebar (not to mention "spool" pins). Normal picking won't
work on a sidebar lock. (Just try to pick a much much simpler sidebar
lock, a single sided GM lock, either the door (oval head) or the
ignition (squarish head). It has 6 wafers (easier to pick than pins) at
4 levels with a sidebar. It's not easy, to say the least. You *must*
take care of the sidebar first or forget picking it. By the way, the
sidebar is not accessible without some destruction.)
A note about spool pins: Spool pins make picking much more difficult by
providing a false shear line. Instead of the picking holding pins in
place at the shear line between the pins, a spool pin makes it much more
likely that you will get at least one false shear line in the mix, which
will prevent the picking from being successful. Just having one spool
pin doubles your chances of hitting a false shear line. Having a spool
pin in two different pin chambers makes it 4 times as likely that you
will hit a false shear line. And the Medeco lock employs several. You
can have spool pins put into Schlage and Kwikset locks. But if you do
it and get locked out of your house, the lock will probably have to be
destroyed to get you in. Some locksmiths have the tools necessary to
defeat spool pins, but even with these tools it takes a bit of luck,
time, and patience. Most locksmiths don't have these tools and will
either tell you that they cannot do it and just leave you there or will
tell you that they have to destroy the lock to get you in. (I've had to
destroy a few (spool pin or otherwise), but I hate to do it because I
feel like I am admitting defeat.) (It's easier for me to cut a padlock
than to pick it open. But if the customer has the key somewhere (not
present), I prefer to save the lock since it usually only takes me a few
minutes more. (I have a knack for picking.)) (Most discus type locks
have spool pins and are *very* difficult to pick.)
A note about sidebars: With normal locks (those without a sidebar that
is) picking basically gets one pin (or wafer) at a time lined up and
bound in place, one after another until you get the last one, at which
point it turns. But *with* a sidebar, you must get all the pins (or
wafers) lined up all at once before the sidebar will drop in. Picking
relies upon turning pressure *while* picking takes place. It's the
pressure that holds one pin (or wafer) in place while you attack the
next. The sidebar prevents you from applying turning pressure until all
the pins (or wafers) are lined up. Without the turning pressure, you
cannot get any of the pins to be bound in place while you go for the
next. So then it just comes down to dumb luck, getting all the pins in
just the right position all at the same time so that the sidebar will
drop in. Even with the GM lock having only 4,096 combinations (in each
keyway) (4^6) (minus uncuttables), and it being a wafer lock, the
sidebar is so effective that picking it is extremely difficult without
attacking the sidebar. And the GM sidebar lock has been in use for
around 80 years IIRC. To defeat this with picking, you must defeat the
sidebar first, and for this must make a way to get to it.
The bottom line is that no one is going to waste his time trying to pick
through a Medeco unless he just doesn't know what he's up against. It
will be much easier to destroy the lock than to pick it. And even
destroying your way through it is not going to be very easy unless
you're willing to make a lot of noise and a lot of sparks, or take a lot
of time.
But every
locksmith I know who understands how the Medeco works knows this: The
only feasible way of defeating a Medeco is by destroying it. If a
person must leave the lock intact (maybe to obscure his security
breach), then destroying it is not an option.
I really get uncomfortable with assertions involving "only feasible"
that aren't based in mathematics.
Generally, the way through a difficult patch is to come at the problem
sideways...
There are other ways to defeat a lock without picking.
Picking was chosen as applicable to cryptography... "guessing the key"
is analogous to picking a lock.
No, "guessing the key" would be analogous to guessing the digital cuts
of a key, making that key, and trying it in the lock, except that most
people don't have the machine that is capable of producing a key, by the
numbers, by copying, or otherwise, whereas in cryptography the
digital-key-producing equipment may be little more than their own
keyboard (or a keypad already there), and the cryptographic key doesn't
have to be converted from numbers to a physical key. Guessing the
digital cuts of a Kwikset key gives you around 6,000 guesses. Even if
you had all these keys already cut and just had to grab the one you want
to try, it will take you a *very* long time. The law of averages
suggests that if you have a large number of locks to open this way, you
would likely average having to try around 3,000 of these keys on each
lock. This would take *far* too much time.
The reason picking is as successful as it is would be analogous to
coming to the keypad and noticing that the surfaces of just three of the
number keys are shinier than the others. That may not tell you how many
digits are in the code, but it will tell you that it probably consists
of primarily those three. Picking takes advantage of imperfect
tolerances within the lock. If the tolerances were perfect, picking
would be much much harder.
But none of them
work on a Medeco. Destroying it is the only way to defeat it. (This is
according to all the locksmiths I know. And in regard to defeating
locks, there is very little (if anything) known by thieves that is not
known by experienced locksmiths.)
I should think that sort of assertion would be difficult to determine. :)
[snip]
True. But as I stated above, there is little (if anything) known (about
defeating locks) by thieves that is not known by locksmiths. And I
guarantee you that if there is a locksmith who knows how to defeat a
Medeco without destroying it, he *will* cash in on that reward.
Locksmiths don't make a lot of money?
Some do, some don't.
(I'm
assuming that all locksmiths are honest and reputable.)
There's the answer to our political problems! Locksmiths in office,
and cabbies on their cabinets! :)
Heh. :)
[chop - economic tradeoffs]
Knowing what I know about the Medeco lock, this sounds more like a
conspiracy theory built up on nothing more than fear and lack of
knowledge about the facts that say it's not possible.
Oh, blow it out your ear. If there's a conspiracy theory, it's that
all locksmiths are honest, honorable, intelligent, handsome, and know
more than anyone else.
Shhhh! (Who told you!) ;>
The Medeco lock /may/ have a vulnerability since most things do. But
short of its destruction, I am currently unaware of *any* way to defeat
it. In (very) limited settings, there are ways around it, but none
through it.
They said that the round-key locks were "virtually unpickable" until
some wag used a bic pen.
This reminds me of the "wag" who used a yellow highlighter to defeat a
copy protection scheme on CDs.
(What's a "wag"?)
/me looks around
http://www.snopes.com/crime/warnings/kryptonite.asp
Gotta love those "Whoops!" moments.
[1] some of these keys would be immediately rejected, so in practice,
the real choice of keys would be smaller for this style of lock.
(Except that the mistake in your math eliminated about two thirds of the
real number.)
Interesting that the article mentions that the exploit "was reportedly
discovered as far back as 1992" but does not mention when the lock came
out. My bet is that the exploit was discovered very soon after the
lock's debut. But the Medeco has been around long enough for its first
patents to expire, and still no known easy exploits exist.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
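The keyspace arithmetic traded back and forth above (pins times levels, the "uncuttable" combinations, and the average number of keys an attacker would have to try), worked through as an added example. This is not code from the thread or from either correspondent. It models "uncuttable" bittings with one assumed rule: adjacent cuts may differ by at most a fixed number of depth steps (MAX_ADJACENT below). That rule and its limit are modelling assumptions chosen so the result lands in the 10-20% range the thread quotes, not a manufacturer specification; the pin and depth counts are the ones given in the messages.

```python
"""Keyspace and brute-force estimates for pin-tumbler locks.

Added example, not code from the mailing-list thread. The adjacency
rule used to model "uncuttable" bittings is an assumption made here
for illustration; the pin/depth counts are the ones the thread quotes.
"""
from itertools import product


def raw_keyspace(pins, depths, angles=1, edges=1):
    """Bittings with no cuttability rule: (depths * angles * edges) ** pins.

    angles/edges reproduce the thread's Medeco count (3 angles, 2 edges).
    """
    return (depths * angles * edges) ** pins


def cuttable_exhaustive(pins, depths, max_adjacent):
    """Enumerate every bitting and keep those obeying the adjacency rule.

    Exhaustive, so only practical for small spaces (up to ~10^5 keys).
    """
    def ok(bitting):
        return all(abs(a - b) <= max_adjacent
                   for a, b in zip(bitting, bitting[1:]))
    return sum(1 for b in product(range(depths), repeat=pins) if ok(b))


def cuttable_dp(pins, depths, max_adjacent):
    """Same count by dynamic programming over the depth of the last cut.

    ways[d] is the number of valid prefixes whose last cut has depth d;
    each new pin extends every prefix by the depths within max_adjacent.
    """
    ways = [1] * depths                          # one-pin prefixes, any depth
    for _ in range(pins - 1):
        ways = [sum(ways[e] for e in range(depths) if abs(d - e) <= max_adjacent)
                for d in range(depths)]
    return sum(ways)


def cuttable_fraction(pins, depths, max_adjacent):
    """Share of the raw keyspace that survives the assumed adjacency rule."""
    return cuttable_dp(pins, depths, max_adjacent) / raw_keyspace(pins, depths)


def expected_trials(keyspace):
    """Average keys tried when the attacker already holds every cut key and
    tries them in arbitrary order: (n + 1) / 2."""
    return (keyspace + 1) / 2


def thread_medeco_estimate():
    """The thread's own figure: (10 * 3 * 2)^6 scaled by an 80% cuttable rule of thumb."""
    return raw_keyspace(6, 10, angles=3, edges=2) * 8 // 10


if __name__ == "__main__":
    MAX_ADJACENT = 4   # assumed rule for the 6-depth Kwikset, not a manufacturer figure
    kw_raw = raw_keyspace(5, 6)
    kw = cuttable_dp(5, 6, MAX_ADJACENT)
    print(f"Kwikset 5x6: raw {kw_raw}, cuttable {kw} "
          f"({cuttable_fraction(5, 6, MAX_ADJACENT):.0%}), "
          f"expected trials {expected_trials(kw):.0f}")
    print(f"Schlage 5x10: raw {raw_keyspace(5, 10)}, "
          f"cuttable (assumed max_adjacent=7) {cuttable_dp(5, 10, 7)}")
    print(f"Medeco 6x10x3x2: raw {raw_keyspace(6, 10, 3, 2)}, "
          f"thread's 80% estimate {thread_medeco_estimate()}")
```

With the assumed limit of four depth steps, the 5-pin, 6-depth Kwikset space shrinks from 7,776 to 6,306 keys (about 19% uncuttable), which is the "around 6,000" the thread quotes, and the average brute-force cost is about 3,150 physical trials. The dynamic-programming count gives the same answer as the exhaustive enumeration and also scales to spaces too large to enumerate; the Medeco figure is reproduced with the thread's flat 80% rule rather than the adjacency model, since the thread gives no per-angle cuttability rule.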