[12375] in cryptography@c2.net mail archive
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
daemon@ATHENA.MIT.EDU (Derek Atkins)
Fri Jan 24 15:27:42 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
To: Matt Blaze <mab@research.att.com>
Cc: Len Sassaman <rabbi@abditum.com>,
"Arnold G. Reinhold" <reinhold@world.std.com>,
cryptography@wasabisystems.com
From: Derek Atkins <derek@ihtfp.com>
Date: 24 Jan 2003 15:17:22 -0500
In-Reply-To: <200301241953.h0OJrut17140@fbi.crypto.com>
Matt Blaze <mab@research.att.com> writes:
> I have no particular interest in seeing you eat crickets (and before
> I went veggie I've eaten a few myself; taste like whatever they're
> cooked in), but I've done it on Medecos; it's no problem.
Having taken apart Medeco's before, I have to agree with Matt that
this attack would work fine on old-style medecos with a groove for the
the turn-bar. This means the twist is the same at all pin heights for
any particular pin.
> The angles will be the same on the master as the change key; only the
> cut depth will differ. If you have a code cutter at the oracle lock
> it's no different from doing the attack regular locks, except that Medeco's
> MACS restrictions mean you have to be careful about whether you use the
> change depth or previously learned master depth at the positions adjacent
> to the position under test. If you're using a file at the oracle lock,
> just use a code machine to pre-cut a #1 cut at the right angle at each
> position; the sharp angle actually makes filing a bit easier than on
> locks with a standard cut.
There is, however, a newer medeco design that uses a drill-hole
instead of a groove. With that design you can have the pin twist be
different at different pin-heights (by putting the drill-hole at a
different twist-angle). I don't think this attack would work quite
as easily on this design.
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
