[12403] in cryptography@c2.net mail archive
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
daemon@ATHENA.MIT.EDU (Donald Eastlake 3rd)
Mon Jan 27 09:33:54 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Mon, 27 Jan 2003 07:49:12 -0500 (EST)
From: Donald Eastlake 3rd <dee3@torque.pothole.com>
To: Faust <urfaust@optushome.com.au>
Cc: Donald Eastlake 3rd <dee3@torque.pothole.com>,
Pete Chown <Pete.Chown@skygate.co.uk>,
<cryptography@wasabisystems.com>
In-Reply-To: <k7gqk851.fsf@optushome.com.au>
My message was not a reply to Matt's paper.
It was a reply to a message that said, approximately, "If I wanted to
SECURE A BUILDING the first thing I would do is worry about the LOCK and
replace it with an electric lock..." It did NOT say "If I wanted to
SECURE A LOCK...".
My reply was to point out that the suggested strategy for securing a
building would almost always be the wrong strategy.
I agree that locks and methods of defeating them are intersting.
Thanks,
Donald
======================================================================
Donald E. Eastlake 3rd dee3@torque.pothole.com
155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA Donald.Eastlake@motorola.com
On Mon, 27 Jan 2003, Faust wrote:
> Date: Mon, 27 Jan 2003 13:57:30 +0000
> From: Faust <urfaust@optushome.com.au>
> To: Donald Eastlake 3rd <dee3@torque.pothole.com>
> Cc: Pete Chown <Pete.Chown@skygate.co.uk>, cryptography@wasabisystems.com
> Subject: Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
>
>
> > You are coming at this from a software/computer mindset that just isn't
> > applicable to this sort of physical world security.
>
>
> Matt's paper was about _locks_.
> In case you have forgotten, the title was "Cryptology and Physical Security:
> Rights Amplification in Master-Keyed Mechanical Locks".
>
> To weakly criticize his paper because it did not talk about the cost of
> fabrication or physical tolerances misses the point entirely.
>
> There _are_ situations where information leakage is of concern.
>
> I can imagine other applications of Matt's methods to other forms of
> physical security.
>
> In any case, it is intrinsically interesting
>
> In practice, social engineering is far easier to use to access secure premises.
> Bribe a guard, go to bed with a person with access etc..
> However, that is not the proper domain of a study of rights amplification.
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
