begin quoting Ralph Shumaker as of Mon, Aug 11, 2008 at 05:52:30PM -0700: > SJS wrote: [snip] > > > >The best thing to every happen to the lock(smith) industry is the > >invasion of crypto-geeks. :) > > I'm not sure I agree with this. Electronic access is less secure, but > more convenient for the user, and trackable for security. And circuitry > is far more prone to failure than traditional locks.
No, I'm not talking about introducing electronics; I'm talking about the "let's do some actual analysis" thinking that comes with the cryptogeek community. Technophilia is a different matter entirely. [snip] > >To what tolerance? 30 degrees? 15 degrees? I'm not suprised that > >thickness isn't a real factor. > > Tolerance? First, I'll answer that I don't really know. But, new, I > would estimate about 10?. That being said, I don't know what the > rotation angle is supposed to be. I think it's 45?. If not, then it > wouldn't be much less. I'll take a look next time I'm next to the > machine I use. So it's a rotate left, rotate right, or rotate-none? Or even just a "rotate or not"? Is it really a single bit's worth of information? [snip] > Yeah, you would *think* that, but twisting is not the biggest threat to > a plastic or nylon key in an ignition. There are a few things in most > ignitions that will clamp down too hard on a plastic or nylon key but > which don't affect a metal key all that much. You probably wouldn't > even be able to push a plastic or nylon key IN through pinch rollers (on > Volvo or VW or somesuch), and even if you do manage to get it in, you > *aint* gettin it out. Most plastic keys that I have to dig out require > me to move a strong mechanism out of the way. What makes this more > difficult is that the tools move the mechanism out of the way, but then > the tools are in the way. A sure-fire exercise in frustration at times, > even if you *do* have my level of patience. But, over time, I've gained > a decent level of dexterity in it. Ah, that's a far cry from my pontiac, then. My keys would fall out of the ignition while the car was running. Note to self - don't use nylon keys in a european car... > Twisting will break a nylon key, especially repeated twisting, which is > why it is supposed to be used just a few times in the doors. But they > should *never* be used in the ignition, unless you have no other choice, > like when your regular key breaks and your in the middle of nowhere. Yup. They're for *emergencies*, not daily use. The few times I used mine, I would half-expect the key to break that time. Remote keyless entry might be less secure, but it's a lot more convenient, and given that any car can be gotten into with a half-brick, there's a limit to how "secure" it should be anyway. [snip] > >I quote from the article: > > > >"Once the plastic key is inside the cylinder and lifts the pins, it's > >not actually strong enough to turn the cylinder, so the researchers > >insert a small turning wrench to turn the cylinder and open the lock." > > > > Well, turning is not what I was thinking would be the most likely thing > to break it off inside, altho that could do it easily enough. A turning > wrench would help with turning, but not removal. Ah! This is the pinch-roller and other tricks, yes? > If a key isn't cut right, all kinds of problems could result. Although > it is rare, one kind of cut fault can stop a key from going in. Another > cut fault will allow the key to go in just fine, but stop it cold from > coming back out. If I wanted to screw you over, I could cut such a key > and stick it into your lock. It doesn't damage the lock, but it would > make it almost as difficult to unlock. Epoxy is cheaper, faster, and requires less work. :) > But my point about the plastic key is that forces inside the lock > attempt to hold the key in place and could be strong enough to prevent > you from removing a plastic key without ripping it in twain. Those forces would also wear a metal key out faster, and reduce the working lifetime of the lock. It's all a tradeoff. [snip] > >Same problem exists with 13-year-olds and epoxy. > > > >Is it really that big of an issue? > > Not in those terms, I suppose, tho that's really apples and oranges. > The plastic key user is trying to defeat the lock and get through. The > epoxy squirter is actually trying to be a cowardly prick (and succeeding). Well, yes. The point is that defending against a DoS in this case isn't really worth too much effort; recording evidence of a successful breach, however, is an acceptable goal. It's an interesting subject, and plays back into OS security as well. [snip] > >Part of the problem is that there's a desire to loan out keys to give > >someone temporary access to a resource, and once someone has the key > >under their control, the game seems to be up. > > > >The problem here is that *seeing* a key is sufficient to break it. > > This is true. If I am at your house and your keys are laying somewhere, > I don't need a camera. But I _would_ need to stare at one of them for a > few seconds. A camera would be easier. :) And with cameras in almost every phone... probably less obtrusive than you staring at my keys. And can be used from farther away. On the other hand, I have more keys that no longer go to anything than keys that go to something.... you've have to memorize a lot of keys. [snip] -- I have a keyring of keyrings. Stewart Stremler -- KPLUG-List@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
