[12392] in cryptography@c2.net mail archive
Re: Keep it secret, stupid!
daemon@ATHENA.MIT.EDU (Matt Blaze)
Sun Jan 26 20:14:45 2003
X-Original-To: cryptography@wasabisystems.com
To: Bram Cohen <bram@gawth.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: Message from Bram Cohen <bram@gawth.com>
of "Sun, 26 Jan 2003 16:40:47 PST." <Pine.LNX.4.21.0301261634170.3156-100000@ultra.gawth.com>
Date: Sun, 26 Jan 2003 19:43:51 -0500
From: Matt Blaze <mab@research.att.com>
> Matt Blaze wrote:
>
> > Once I understood the basics, I quickly discovered, or more accurately
> > re-discovered, a simple and practical rights amplification (or
> > privilege escalation) attack to which most master-keyed locks are
> > vulnerable.
> > http://www.crypto.com/masterkey.html
>
> Matt, is there some reason why you didn't bother asking a single locksmith
> if they knew about this attack already before claiming it was 'new' in
> your paper? Have you looked into the differences in actual costs of
> production of the various ways of making locks more secure? Do you have
> any information on how common various ways of breaking into locks are done
> in practice?
Of course I did. What gave you the idea that I didn't?
>
> I'm not arguing that security through obscurity is a good thing, just
> pointing out that your claims of the importance of your publication are
> being made mostly in ignorance.
>
> -Bram Cohen
>
> "Markets can remain irrational longer than you can remain solvent"
> -- John Maynard Keynes
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com