Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Taral

On 2/26/07, Hadmut Danisch [EMAIL PROTECTED] wrote:

Each of these (three digit code) locks had a small keyhole for the
master key to open. Obviously there are different key types
(different size, shape, brand) as the locks had numbers like TSA005
tell the officer which key to use to open that lock.


I'm just waiting for someone with access to photograph said keys and
post it all over the internet.

--
Taral [EMAIL PROTECTED]
You can't prove anything.
   -- Gödel's Incompetence Theorem

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: padlocks with backdoors - TSA approved

2007-02-27 Thread Ian Farquhar \(ifarquha\)
Some of the locks have special indicators which flag that a TSA key has opened 
it, which marginally improves the idea, but not
by much.  Whether those flags could represent a defence in the case of a 
corrupt official in possession of TSA keys I do not
know.

Without such flags, it's an INCREDIBLY unwise idea, as if you keep the bag 
unlocked, at least you have a defence that handlers
could have added items to the luggage in transit.

Some readers will have heard the case of Schapelle Corby, who is serving a 20 
year sentence in Indonesia for trafficing
marijuana.  In the ensuing investigation, a significant amount of evidence was 
uncovered suggesting that corrupt baggage
handlers were trafficing drugs between Australian airports, using unlocked 
baggage.  Corby's laywers claimed that she was the
victim of this, and that the destination baggage handler failed to intercept 
the drugs which were planted in her luggage.

I won't make a comment on the conduct of the agencies, the media and 
governments involved in the Corby case.  However, I will
say that any government (or other) program which assumes the honesty of 
employees and contractors is fundamentally flawed, and
any associated risk analysis is either incompetent, or in failing to identify 
risk to travellers, seriously incomplete.

Ian. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hadmut Danisch
Sent: Tuesday, 27 February 2007 7:20 AM
To: cryptography@metzdowd.com
Subject: padlocks with backdoors - TSA approved

Hi,

has this been mentioned here before?


I just had my crypto mightmare experience. 


I was in a (german!) outdoor shop to complete my equipment for my next trip, 
when I came to the rack with luggage padlocks (used
to lock the zippers). 

While the german brand locks were as usual, all the US brand locks had a 
sticker 

   Can be opened and re-locked by US luggage inspectors. 

Each of these (three digit code) locks had a small keyhole for the master key 
to open. Obviously there are different key types
(different size, shape, brand) as the locks had numbers like TSA005 
tell the officer which key to use to open that lock.


Never seen anything in real world which is such a precise analogon of a crypto 
backdoor for governmental access.

Ironically, they advertise it as a big advantage and important feature, since 
it allows to arrive with the lock intact and in
place instead of cut off. 


This is the point where I decided to have nightmares from now on.


regards
Hadmut

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Allen

Hi Hadmut,

Welcome to the world of total stupidity. I was in the hardware 
store the other and looked at those cheap luggage looks and 
thought about how thieves might be able to utilize the weakness 
of the system to rip off people, but then..., well I looked at 
the Master brand, generally a good brand, and a couple of other 
combination lock brands in the $30 to $45 USD range where you can 
set the combination to whatever you want. Guess what? They all 
seemed to use the same key to enable setting the combination. 
Now, granted, you have to open the lock first then you use the 
key to release the cylinders to set the combination, but it seems 
to me that with a little work one could figure out how to bypass 
the security mechanism to open the lock quickly.


Then, too, there are some great lock picking sites on the net 
that will teach you how to pick even so called security locks.


Much like DES slowed people down until they developed the 
technology to overcome the encryption, locks are only as good as 
the lack of knowledge that the average crook has.


Look up the Kryptonite motorcycle lock that was about $65 USD and 
a kid in a bike shop figured out how to hack the lock with a 
$0.19 USD BIC Pen. Lock had been made and sold for twenty plus 
years with the same weakness in design.


That was truly a zero day exploit.

Oh, and another story for you on failure in design. We are 
thinking of re-financing our house. The mortgage company keeps 
all the personal identifiable data in encrypted form in their 
offices, but when they send me the quote it's in plain text in an 
e-mail!


Thinking through all aspects of the design and application of a 
security model is mostly lacking as far as I can tell.


Best,

Allen

Hadmut Danisch wrote:

Hi,

has this been mentioned here before?


I just had my crypto mightmare experience. 



I was in a (german!) outdoor shop to complete my equipment 
for my next trip, when I came to the rack with luggage padlocks 
(used to lock the zippers). 

While the german brand locks were as usual, all the US brand locks 
had a sticker 

   Can be opened and re-locked by US luggage inspectors. 

Each of these (three digit code) locks had a small keyhole for the 
master key to open. Obviously there are different key types 
(different size, shape, brand) as the locks had numbers like TSA005 
tell the officer which key to use to open that lock.



Never seen anything in real world which is such a precise analogon of 
a crypto backdoor for governmental access.


Ironically, they advertise it as a big advantage and important feature, 
since it allows to arrive with the lock intact and in place instead of 
cut off. 



This is the point where I decided to have nightmares from now on.


regards
Hadmut

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread David Chessler

At 03:20 PM 2/26/2007, you wrote:

?xml version=1.0 encoding=US-ASCII? Hi,

has this been mentioned here before?


I just had my crypto mightmare experience.


I was in a (german!) outdoor shop to complete my equipment
for my next trip, when I came to the rack with luggage padlocks
(used to lock the zippers).

While the german brand locks were as usual, all the US brand locks
had a sticker

   Can be opened and re-locked by US luggage inspectors.

Each of these (three digit code) locks had a small keyhole for the
master key to open. Obviously there are different key types
(different size, shape, brand) as the locks had numbers like TSA005
tell the officer which key to use to open that lock.


Never seen anything in real world which is such a precise analogon of
a crypto backdoor for governmental access.

Ironically, they advertise it as a big advantage and important feature,
since it allows to arrive with the lock intact and in place instead of
cut off.


This is the point where I decided to have nightmares from now on.


This is why I don't bother with padlocks until I get to the hotel 
room. It is a good idea to slow down the petty thief, but a twist 
tie from a plastic bag will work. I use the nylon straps used to 
hold cable bunches in place. I use many different colors, so it is 
most unlikely that a petty thief would have one handy (black or white 
are very common.


When last I flew they TSA had cut the cable ties. I took the suitcase 
directly to the baggage desk and we examined it together. (Do not 
pile up books in your suitcase. The TSA does not distinguish between 
books and Semtex: it considers both equally dangerous.)




--
D__/d   [EMAIL PROTECTED]
  [EMAIL PROTECTED]  


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Nicolas Rachinsky
* Hadmut Danisch [EMAIL PROTECTED] [2007-02-26 21:20 +0100]:
 has this been mentioned here before?

I don't know if it was mentioned here. Bruce Schneier wrote about it
some time ago.

http://www.schneier.com/crypto-gram-0404.html#2
http://www.schneier.com/crypto-gram-0405.html#10


Nicolas

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: padlocks with backdoors - TSA approved

2007-02-27 Thread Trei, Peter
Taral wrote:

 I'm just waiting for someone with access to photograph said keys and 
 post it all over the internet.

Let us hope that happnes - it won't make passenger security worse, and
would 
demonstrate that The Emperor Has No Clothes.

Even if that doesn't happen, it is presumabley feasible to
reverse-engineer
the keys by dismantling the locks.

Peter Trei

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Hadmut Danisch
Hi Allen,

On Mon, Feb 26, 2007 at 09:23:30PM -0800, Allen wrote:
 Hi Hadmut,
 
 combination lock brands in the $30 to $45 USD range where you can 
 set the combination to whatever you want. Guess what? They all 
 seemed to use the same key to enable setting the combination. 


Why make it that difficult and complicated?


You can easily and immediately open most combination locks with
vertical wheels on suitcases (and probably those at padlocks). All you
need is a flashlight. 

The wheels are usually a little bit loose. Just shift it to the left
or to the right with your finger tip and use the flashlight to peep
into the gap. You will spot the axis of the wheel. Now turn the wheel
until you see the chamfer pointing directly to you. Proceed with all
wheels. 

If the lock doesn't open, turn all wheel by 180 degree (to digit n+5
mod 10). Some locks need the chamfer up, some need it down to open.

With a little practise and experience it is almost as fast as if you 
knew the combination code.

regards
Hadmut

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Hadmut Danisch
On Tue, Feb 27, 2007 at 01:09:00AM -0500, David Chessler wrote:

 This is why I don't bother with padlocks until I get to the hotel 
 room. It is a good idea to slow down the petty thief, but a twist 
 tie from a plastic bag will work. I use the nylon straps used to 
 hold cable bunches in place. I use many different colors, so it is 
 most unlikely that a petty thief would have one handy (black or white 
 are very common.


Same what I do, especially because opening luggage in absence of the
owner is rather unusual outside the USA. Sometimes I also seal the 
case with any unusual sticker I got somewhere for free or a paper
sticker.

The method with the cable binder became difficult since it is
forbidden to have a nail scissors in the bord luggage. Sometimes not
that easy to open it without damaging luggage without a tool.


regards
Hadmut


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Hadmut Danisch
On Mon, Feb 26, 2007 at 10:36:22PM -0600, Taral wrote:
 
 I'm just waiting for someone with access to photograph said keys and
 post it all over the internet.



It does not need access to the keys. 


Do you know that car Volkswagen Golf? As far as I know also sold in
the USA. 

In the eighties there was a problem: Many of the had been stolen
without visible force. No broken window, no broken ignition lock.


They finally found the method:


These Golfs had plastic fuel tank caps, which could be easily broken
off by hand. Just grab it, tear it away with force, and you have it.

The tank cap had a lock inside. All you needed to do is to cut the
plastic lock open and to copy the tumbler lengths to a blank key. 
Then you have a working key. 

You could do the same and just open some of these locks, one per key
number.

regards
Hadmut


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Ralf-Philipp Weinmann


On Feb 26, 2007, at 21:20 , Hadmut Danisch wrote:


Hi,

has this been mentioned here before?


Yes. It is old news, Bruce Schneier's Cryptogram mentioned it in  
April 2004, actually [1].



Never seen anything in real world which is such a precise analogon of
a crypto backdoor for governmental access.


Welcome to the real world. Things suck here.



Ironically, they advertise it as a big advantage and important  
feature,

since it allows to arrive with the lock intact and in place instead of
cut off.


Some of apparently have the feature that you can tell *IF* the TSA  
has opened them with their master-keys. You are supposed to find a  
TSA notice in your bag if it has been opened and searched. Although  
I'm not sure whether you can really raise hell if they forget to  
stick the notice in there after having searched your bag.




This is the point where I decided to have nightmares from now on.


G'night then.

Cheers,
Ralf

[1] Crypto-Gram Newsletter, April 15th, 2004
http://www.schneier.com/crypto-gram-0404.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: padlocks with backdoors - TSA approved

2007-02-27 Thread Sean McGrath



Ian Farquhar (ifarquha) wrote:
[...]

However, I will say that any government (or other) program which assumes
the honesty of employees and contractors is fundamentally flawed, 
and any associated risk analysis is either incompetent,

or in failing to identify risk to travellers, seriously incomplete.

Ian. 

[...]

The first time I used a TSA lock, it came back attached to one zipper
pull, not two, leaving the luggage unlocked will a locked lock.
The second time the lock did not come back. I don't use them any more.

--
Sean McGrath
[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


U-Prove features (Re: announce: credlib library with brands and chaum credentials

2007-02-27 Thread Christian Paquin

Adam Back wrote:

About flexibility and generality I mean Brands has a huge list of
features, like a very efficient observer setting, with cheap
operations suitable for an 8 bit smartcard, limited multi-show (though
linkable, there is an online credential refresh phase if unlinkable is
desired), single show, ability to show formulae, ability to show and
combine formulae across credentials from different issuers etc.  And
also prove negatives involving attributes, and related technique for
testing a black list of revoked credentials blindly.
[...]
The u-prove library does a lot more things, I think


It may be difficult to understand what's implemented in U-Prove by
reading the press release and data sheet, so here it is in more
technical terms.

U-Prove implements what we call ID Tokens: a credential with three
attributes. The goal of these credentials is to act, as the name
implies, as identity tokens.

ID Tokens have three fields. The first field contains public token
attributes, which are always disclosed (e.g., an expiry date, token
usage info, semantics of the other fields, etc.). The second field can
contain any data and can be selectively disclosed; not disclosing the
field gives _no_ information about its value to a verifier. The third
field contains data committed by the user at issuance time but unseen by
the issuer (e.g., contact information, an encryption key).

ID Tokens are untraceable and unlinkable among themselves. Care must of
course be taken when encoding data into them. Traceability of the tokens
depends only on the encoded data. Reuse of a same token allows you to
build a pseudonymous relation with a verifier (like a random 
username/password).


Presentation of an ID Token results in a user-authenticated transcript
suitable for audit logs. Furthermore, verifiers can censor the
information relative to the disclosure of the selectively-disclosable
token field; auditors do not learn if the user disclosed the second
field and if so, its value.

Each ID Token specifies a unique identifier (hash of the token contents
+ other protocol data). This identifier is not under the control of any
party and is therefore suitable to index user accounts (a rogue issuer
could not generate an ID Token with the same identifier as another token
issued by another issuer).

ID Tokens can be revoked individually by their identifiers (à la X.509).
The SDK offers a more powerful revocation technique. A user can prove
that the value of the second field is not on a blacklist without
disclosing the field's value. By encoding a user identifier in this 
field, an issuer could revoke all of a user's unlinkable tokens.


ID Tokens can be issued as one-use. Reuse of such tokens allows an
auditor to compute the token's private key including the attributes. If
identifying data (e.g. an account number) is encoded in the
never-disclosed field, the auditor learning this value can trace the
malicious user. This value can then be blacklisted to prevent the user
from using any of her tokens.

ID Tokens may be protected by a device (a smart card, a Trusted
Computing chip, a remote server, etc.) Devices hold part of the token's
private key and must collaborate with the user in the presentation
protocol in order for the token to be usable. The secret in the device
can be shared by an unlimited number of tokens. The device's computation
is very efficient (no modexp at presentation time). Useful to protect 
the user against local malware or to enforce the issuer's security policies.


As you mentioned, Brands's credential system has a lot of features. We
did not implement everything for one good reason. This stuff is still
quite esoteric, even for the crypto community, and we wanted the SDK to
be identity-centric, with clear use cases. The SDK abstracts all the
crypto so it should be simple for security developers to use it.

Some use cases documented in the SDK include:
 * strong user authentication (privacy-friendly PKI)
 * digital signatures
 * protecting attribute assertions (e.g., I'm over 18, I live in
   Quebec). Could be integrated in frameworks such as SAML, WS-Trust,
   Liberty ID-WSF)
 * one-use e-tickets, these may contain attributes (similar to e-coins)

Regards,

 - Christian

--

Christian Paquin
Chief Security Engineer @ Credentica
1010 Sherbrooke West Suite 1800
Montreal, QC, Canada H3A 2R7
Tel: +1 (514) 866.6000
www.credentica.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Details of the backdoor-padlock

2007-02-27 Thread Hadmut Danisch
Hi,

made two pictures of the padlock with the backdoor:

http://www.danisch.de/tmp/pict0951x.jpg

shows the TSA keywhole: Just a very simple standard 
key cylinder, pretty easy to produce a general key from any lock. 


But that's waste of time. The lock suffers from the same weakness
almost all locks of this kind do: You don't need any key or code 
to open them: See 

http://www.danisch.de/tmp/pict0954x.jpg

The 'secret' code is still 000. When you turn the wheels for
exactly 180 degree (thus the 5 is up on the rightmost wheel), 
you can see that chamfer of the axis on the left side of the rightmost wheel. 
It is visible, but must point down to open.

Turn the wheels until you see this, and then turn them another
180 degrees, and: Open Sesame!

So no need to bother with a TSA key. Open it directly. 

regards
Hadmut


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]