Friday, January 24, 2003

Master Key Copying Revealed: Matt Blaze, a computer security expert at AT&T, has applied the principles of computer cryptanalysis to physical lock and key systems and devised an algorithm that allows a cracker to generate a master key for a building if all he or she has access to a working key for a single lock, a file, and a few blank keys. According to the article, this technique only takes a few minutes and it "leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers". Blaze's research has been submitted for publication in a computer security journal, and AT&T has already posted an alert to law enforcement agencies to warn them that some may try to use this information for criminal purposes. Although I understand the ethical quandry associated with the dissemination of this sort of information, I firmly believe that in the end it's best for these things to be publicized. Bad guys are going to learn about these techniques sooner or later, and it's best if the good guys also know about it as well so they can take appropriate countermeasures. Here's a related article. Interested readers can also download a preprint of his paper in .pdf format. (Via Techdirt.)