Comments
Clive Robinson β’ July 6, 2017 7:00 AM
@ Bruce,
I remember your surprise when I mentioned that most conventional keys could be cut from photographs (or in my case when I was a teenager from a little knowledge and ability to remember the basic shape).
It’s interesting to see just how long it has taken to go from “secret knowledge” through known to a researcher, seemingly unlikely security threat, laugh at a Gov agency (TSA) for their stupidity to now being a business…
Perhaps it’s time you updated your comment about “Today’s PhD, tommorow’s attack” to “Yesterday’s PhD, today’s attack, tommorow’s business” π
Shawn McMahon β’ July 6, 2017 7:06 AM
There are locksmiths everywhere but Finland (and probably in Finland too) who will cut an Abloy key without jumping through hoops. Equipment capable of this feat runs $300-$400 on the low end, and the blanks are available via mail order for a couple of bucks.
The equipment to avoid this “security” costs barely more than the locks themselves.
quazgar β’ July 6, 2017 7:34 AM
This kind of online service has been highlighted at a ChaosCommunicationCongress already, maybe 1 or 2 years ago. German key company BKH / BKS seems to use registered trademarks, instead of patents, the profile of the key seems to be protected: http://www.bkh-sicherheit.de/produktinformationen/doc_download/145-bks-serie-45-mit-erklaerung (see the profile as an image engraved onto the key, near the number 17). This “solves” the patent expiry problem, so all illegal keys are really illegal π
JohnJ β’ July 6, 2017 7:48 AM
Forget friends or coworkers. Valets have the keys and, unless separately locked, access to your glove box where your vehicle registration resides. Your registration has your home address.
Pete β’ July 6, 2017 8:08 AM
Remember an android app from a few years ago – you take a photo using the app of both sides of a key. The app sends it to a locksmith in NJ or NY. You pay, they ship keys to you. Don’t remember it being very expensive or any real checks being done.
Think of all the AirBnB locations … or … friends or …
Prince Humperdink β’ July 6, 2017 8:20 AM
Forget about my valet, I worry about my butler. My butler has the keys to the gate and the next thing you know some idiot is going to wander up to the castle claiming he is “storming it” and the damn butler well let him in to steal my wife.
Jason β’ July 6, 2017 8:21 AM
@Pete, good point about AirBnB and places like that.
It would be wise for owners of such places to install one-way deadbolts that only lock/open from the inside. I doubt that will happen without the law requiring it, however since it isn’t the cheapest thing. Here in Texas all rental properties are required to have them installed on the doors for example.
Engelbert β’ July 6, 2017 8:26 AM
All the more reason to get a New Mexico LLC from JJ Luna and put your car in its name, so no home address on the registration.
Clive Robinson β’ July 6, 2017 8:44 AM
@ Jason,
It would be wise for owners of such places to install one-way deadbolts
Do you mean “one-Way” or “one-sided”. They are different what you describe as only working from one side of the door is not a “one-way” deadbolt but “one-sided”. A one-way deadbolt is one that can only be locked not unlocked from the outside with one type of key. depending on the type it either needs a different (often longer) key or can only be opened from the inside.
The two key system uses a cut cylinder where the half closest to the face plate drives a one way ratchet (not unlike those you find on screwdrivers). The back half of the cylinder is a cylinder within a cylinder and uses three part split pins. The lock only key only pushes the pins up to align the first cut and only turns the inner cylinder that just rotates, the outer cylinder remains locked. The unlock key has a much higher profile and pushes the pins to the second cut, which unlocks the outer cylinder and thus alows it to turn to pull back the dead bolt.
As far as I’m aware the design is not in pattent so those who are handy with a small machine shop can make their own fairly easily.
Spamalot β’ July 6, 2017 9:16 AM
AirBnB places should have 2 pass authentication for keys… one physical, followed by a pin code
Scott β’ July 6, 2017 9:41 AM
Reminds me of your post on an image of TSA keys being posted online:
https://www.schneier.com/blog/archives/2015/09/tsa_master_keys.html
AJWM β’ July 6, 2017 10:18 AM
I remember your surprise when I mentioned that most conventional keys could be cut from photographs (or in my case when I was a teenager from a little knowledge and ability to remember the basic shape).
In my own somewhat misspent youth, I made a master key from a rubbing (with pencil and paper) of the original. I had to build up the “blank” (my own room key) with solder to fully match the shape, but it worked.
Hmm, now I’m going to have to try 3d-printing a key, to satisfy my curiosity.
herman β’ July 6, 2017 10:22 AM
Hmm, if the new key isn’t made with a plastic 3D printer, then it isn’t newsworthy…
To me, any place where you actually need to lock your doors, isn’t really fit to live in. When I was growing up, we never locked the house or the cars. If your house was locked, then your friends could not walk in and make themselves a cup of coffee while they wait for you!
cg β’ July 6, 2017 10:32 AM
Now It’s Easier than Ever to Steal Someone’s Keys
The website key.me will make a duplicate key from a digital photo.
Excuse me, Mr. Schneier, those federal charges for burglary and grand larceny do not just go away that easily.
If a friend or coworker leaves their keys unattended for a few seconds, you know what to do.
Constantly following, harassing, and stalking an unwilling “coworker” for the opportunity, spiking her food and drink with drugs and alcohol, picking her pockets while she is asleep, now you are looking at the minimum at felony charges for robbery under any state or federal statutes at the first opportunity for arrest.
Having been absent from this board for a couple of months, I am astounded by the criminal mindset that seems to have become all the more overt here with the open encouragement to commit such crimes.
Jason β’ July 6, 2017 10:41 AM
@Clive I should have called it a keyless deadbolt for clarity. Like this one: https://www.amazon.com/Kwikset-667-Rcal-Keyless-Deadbolt/dp/B0143J7H6I/ref=sr_1_12?ie=UTF8&qid=1499355558&sr=8-12&keywords=keyless+deadbolt
Rhys β’ July 6, 2017 11:04 AM
Door locks only keep the honest man honest.
The determined have entirely different mindsets.
Homes are inherently porous.
Identity theft is an annuity with greater ROI than a one-time smash & grab. Lower risk and penalty, too.
What was that old dictum, steal a loaf of bread- they cut off your hand. Steal an empire and build statues to honor you.
nycman β’ July 6, 2017 12:08 PM
In most parts of America we don’t worry much about low quality locks or keys. They merely make up a first layer of defense. The possibility of a shotgun pointed to the trespasser’s head acts as the main deterrent.
Patrick β’ July 6, 2017 2:43 PM
Shawn McMahon: You are referring to Abloy Classic, or perhaps Disklock. Both are very old (though still considered good locks) – Classic dates to 1907…
Try doing that with Protec or the new Abloy Groove. There is third-party equipment available to cut Protec, but it’s a lot more expensive than $300 (certainly above 100x that atleast last time I checked), plus you need blanks.
The only really feasible way to copy a Protec key on a reasonable budget is to make a mold, and even that is harder than it might seem since you need an actual 3D mold and not just a “clamshell” type imprint of each side.
You don’t get all information needed to reproduce a working key from a photo either, which can be a more dangerous threat than a straight copy.
With Protec2 you have the additional hassle of an interactive element in the key as well (though easy to bypass if you are willing to poke stuff into the lock to open it it’s hard to manufacture a blank containing it).
There’s also the hazard of being able to cut a key to code, since that allows you to attack master-key systems (see Matt Blaze’s publication about it). For Protec this is at the very least a lot harder than standard pin tumblers.
So is it impossible? No – like physical security in general everything is about raising the bar for an attacker and using a layered approach to security.
And for a lot of use-cases simply not being able to copy the key at the local hardware store is already a big win.
Count0 β’ July 6, 2017 3:12 PM
Not that I totally trust them, but they claim they will not make keys unless the key is removed from the ring to prevent taking pictures of someone’s keys at a distance. Will photoshop work to fool this, probably. But who thinks normal keys are secure anyway?
Adrian Demarais β’ July 6, 2017 3:53 PM
From their website:
“Save a key on our platform, print it at a kiosk with just a fingerprint scan.”
I wonder how secure their kiosk fingerprint scanner is against the gelatin fingerprint hack?
ab praeceptis β’ July 6, 2017 4:23 PM
I’m under the impression that keys (as in “door lock” not as in “crypto”) aren’t seen and understood properly.
Locks are not meant to keep others out, at least not 100%. They are meant for 2 main purposes: a) To make it (somewhat or even much) harder to get access to some are, be that a house or a drawer, and b) they are meant to create legal facts (Pardon my poor english), i.e. to be able to solidly state “XYZ had evil intention, he knew that he was not allowed to access that area, and he made considerable efforts to do it anyway”.
Also not that key.me (and similar) do not change anything in principle; they merely change things quantitatively. Even 200 years ago one should be careful with keys; the current change is merely that it’s even easier to copy keys and that one does not even need to have a keys for some (usually short) time but that merely being able to see them is sufficient.
Accordingly the protection I expect to be suggested is to somehow cover them.
Also note that, while seen from our rather technical perspective, putting up legal hurdles (as some companies do) might seem ridiculous it actually isn’t when viewed from the legal perspective.
Finally, that “evolution” isn’t one sided and favouring only the bad guys. The same technical evolution also provides us with, for instance, tiny surveillance cameras, complex alarm systems, etc. Again keep in mind that the legal perspective isn’t simply to avoid e.g. burglary but also to prove it, tp have clearly demonstrated factors like evil intent, etc.
All that said, what I see from lock companies in terms of “electronic” or “digital” lock systems is ridiculous stuttering in the vast majority of cases.
Andrew β’ July 6, 2017 6:07 PM
These are pretty good, they have copy protection. You cannot even duplicate one for yourself without the assiged card:
http://www.mottura.it/en/products/high-security-cylinders
For safely you need to double it with an alarm anyway.
Wael β’ July 6, 2017 10:57 PM
Now It’s Easier than Ever to Steal Someone’s Keys
And also traceable:
Verified Users: All transactions are verified with a credit card. Additionally, we require email verification for mobile and fingerprint submissions for kiosk.
I think it’s a neat idea and can help during emergency situations. I’ll probably give it try (perhaps with a cabinate key or something to start.) The problem I see is how to protect the image of the key at rest on the device and the server. Also, I’d like to see the service provider correlate older orders with names against new orders that match the saved key image but with a different name / shipping address.
Willem β’ July 7, 2017 12:15 AM
Key.me is building a database which is very useful for burglars. Key photo + address.
@Sami
As Finnish houses have walls with only wood plank, anyone with a crowbar or saw can make an unauthorized entrance. So why don’t thieves do that?
Drone β’ July 7, 2017 2:25 AM
@nycman said, “In most parts of America we don’t worry much about low quality locks or keys. They merely make up a first layer of defense. The possibility of a shotgun pointed to the trespasser’s head acts as the main deterrent.”
Not any more…
In large parts of the East and West coastal regions of the U.S., as well as most the Northern mid-West, the areas with the largest population concentrations in the U.S., there are highly restrictive gun control laws that have been progressively put in-place over years that are aimed at deterring lawful private gun ownership and possession. In most of these areas it is now so restrictive, you are essentially only allowed to carry a gun inside your own home (and that is permitted due to what very little is left of our Second Amendment rights).
And now to deter any lawful use of a gun even within one’s own home, we are seeing more and more Judicial Activists prosecuting home-owners if they use a gun for self defence. The goal is to make lawful gun owners so fearful of being prosecuted for pulling the trigger, they’ll simply stop being gun owners.
Patrick β’ July 7, 2017 3:46 AM
Regarding databases of keys, a lot of lock makers already keep databases of systems… and encourage/force locksmiths to use their centralized storage instead of keeping the information on their own.
Yes, not the brightest idea.
Rachel β’ July 7, 2017 6:40 AM
A very famous person made a video easily available demonstrating how %80 of locks can be opened with a couple of paperclips. It’s not something I’ma advocating at all, but does put the aforementioned concept closer to security theatre status.
Not really related- but it has been discussed on this blog before, about the usefulness of changing the locks on ones car so the lock is not synonymous with the brand of car or other produt
@ Drone
@ Nick P @ tyr (the latter because you’ve made some interesting comments about guns)
I’m not a us-american, but the following was recommended to me by a us-american. stand up comic Jeff Jeffries on gun control. he manages to concisely ‘nail’ and finish the argument for all time in a matter of minutes in an utterly hilarious manner.
It is security related in the sense the topic inevitably gets mentioned here by us-americans as part of their [consensual] reality, and because its essential viewing for anyone taking a stsance on the issue. The comics logic raises the bar so high on the issue it’s impossible to say much more. Love the way stand ups, like the royal court jester apparently, are able to comment and inform and hopefully influence our society in ways no one else can.
@ Mod apologies if I’ve just increased your work hours π
Clive Robinson β’ July 7, 2017 7:41 AM
@ ab praeceptis,
I’m under the impression that keys (as in “door lock” not as in “crypto”) aren’t seen and understood properly.
Mostly they are viewed incorrectly. The first mistake people make is not realising they are in general a deterrent only. That is the only real security value they have is as a delaying mechanism, generaly of quite short order. If you see a newtonian “bump key” in use by a trained person, they can aproach and open the door faster than the legitimate key owner can fish the key out of their pocket. Likewise those well practiced with pick guns can open a lock with little time.
Although I have not done it for a while I could “impression” a five lever and ward mortice or five pin cylinder lock and hand file a new master in a lot less than an hour, and could pick many locks in a matter of minutes. Many do not realise that a lot of padlocks and electrical switch –ignition etc– locks are designed badly thus a bent nail or L shaped piece of metal will open them just like the fancy looking key.
As was once observed “Locks only keep the honest honest”…
@ All,
Which brings on a little known fact but is bleedingly obvious once you know. For each locking device be it ward / lever / pin there are very few cutting hights often as few as four. Likewise there may be as few as five levers or pins, and in many lever based locks as they are designed to be opened from both sides all but the middle lever are in pairs hight wise.
Thus there are as few as 12 lever key shapes and maybe 20 pinning patterns…
What makes the difference is “plate depth”, “spindle diamater” and ward gate with lever and ward locks. With basic cylinder locks it’s the cuts / folds in the key blank and pin offsets.
Which gives you the bad news on just how few numbers of commodity locks there are. Thus it would be pointless keeping a database to try to detect unauthorised people getting keys cut.
Oh and one thing to consider if you take a photo of a cylinder lock key when it’s flat on a table to see the pin hight cuts, the cuts and folds in the key blank are not obvious. Likewise when you take an end of key shot to get the cuts and folds of the blank or photo of the lock face plate to do the same thing the pin hight cuts are not obvious. To put it another way, with a little photoshopping there is no connection between the blank cuts and folds and the pin hight cuts. Thus it’s the same issue as having a brief case with two three wheel combination (ie 2 x 1000 possibilities) and a central four or more wheel lock ( thus a six wheel would have 1 x 1000000 possibilities).
As a final thought on cylinder lock blanks, they are often stamped out to give the folds, but the cuts which are more expensive are cut with a horizontal mill wheel. It is very easy to get brass strip and a home milling machine to cut the strip down to the basic box shape. Then using a mill cut out a sufficiently good approximation to the cuts and folds.
Even in very complex supposed “high security” locks the security is more illusory than actual.
In part this is because of the problems with mechanical devices wearing and binding, thus looser tolerances or “slop” is an absolute requirment of the design… It’s why all mechanical locks can be picked or even impressioned.
But also often they are a pointless buy because the door and frame design are way easier to cut through with a petrol driven cutting disk, that bailiffs and court enforcers carry as standard kit.
If you actually want to increase your security a bit cheaply one way is to make a cylinder lock “bind against the door frame” as it makes traditional lock picking and even pick gun usage much harder. One way to do this is have a mortice lock slightly out of line and rubber draft excluding strip. Thus to lock the mortice you have to pull the door hard against the springyness of the rubber with the door pull. In the process the spring latch of the cylinder lock also binds against the door frame. It’s a mild inconveniance to the legitimate user but it slows others down a lot.
Another way is to have a six or eight point deadbolt system. If you go to Portugal or Spain these are quite common. When set up correctly the likes of even the Police have real trouble opening them. Let’s put it this way I’ve seen commercial safes for cash storage that are less secure.
Also have a look at the various door designs used by the notorious Mexican “tunnel rat” Drug Boss. The guys working for him worked out how to make doors not just battering ram proof but also cutting disk / torch near proof as well. Certainly it would delay the authorities so long he could have a sandwich and beer befor leisurely walking to his hidden escape tunnel and be miles away by the time they authorities got in to find him and his lieutenants gone and the tunnel blocked with similar doors etc.
JF β’ July 7, 2017 7:44 AM
@Drone
“Not any more…
In large parts of the East and West coastal regions of the U.S., as well as most the Northern mid-West,…
… The goal is to make lawful gun owners so fearful of being prosecuted for pulling the trigger, they’ll simply stop being gun owners.”
What a bunch of hooey! I’m in Florida, population 20 millions, and a Florida Concealed Weapons Permit is honored in 35 other states. And, in our state, there is a law – “Stand Your Ground”, which makes it nearly impossible to prosecute a shooter, provided the perp is not prohibited from owning a gun because of a prior felony. As should be expected, gun violence and deaths have increased dramatically since the passage of that bit of foolishness.
No state that I am aware of prohibits gun ownership for self defense in the home.
The second amendment speaks of a “well regulated militia”. The gun industry promotes the absurd idea that “well regulated” means no regulations. Talk about a safety and security threat!
Andrew β’ July 7, 2017 8:12 AM
Some of you miss the point, it’s not about breaking in, it’s about getting in.
I knew I have it somewhere:
http://www.locks.su/test/test_full.asp?lg=eng
Andrew β’ July 7, 2017 8:31 AM
Why my comment had been deleted?
Moderator β’ July 7, 2017 8:50 AM
It looked like spam. Comment reinstated.
Andrew β’ July 7, 2017 9:06 AM
Good, I thought those movies were considered dangerous.
trent β’ July 7, 2017 10:28 AM
@cg
re: If a friend or coworker leaves their keys unattended for a few seconds, you know what to do.
It’s interesting you took that line with it. My response was “tell your co-worker about how dangerous unattended keys are now, and send them a link to this article”.
Patrick β’ July 7, 2017 2:37 PM
Clive Robinson: There are mechanical high-security locks that certainly will put up quite a fight for even a high-level attacker. To the point where non-destructive entry in the field is quite unlikely, atleast.
I don’t think there’s any mechanical lock with a key that you can expect to last more than an hour in the worst case, but some of the Group 1 combination locks certainly will. These are the ones traditionally used to store classified material when being able to detect a compromise is a high priority.
If it’s a normal cylinder usually covert entry will be by drilling and replacing (though you will need exact drill points for the surrounding mechanism if the lock is of a type where drilling the lock itself invariably destroys the code), but it can get really interesting in a safe/vault type scenario where the lock is mounted deep inside a door full of hardplate, and drilling potentially takes many hours.
thoromyr β’ July 7, 2017 3:27 PM
@AJWM
I didn’t think a 3d printed key would have the strength to operate a lock, but when told it couldn’t be done I had to see. For most plastic 3d printers I wouldn’t rely on such a key for a really stiff lock, but it can certainly be done. I have no particular skill at modeling and just worked from a photograph, though admittedly it was a simple lock.
Patrick β’ July 7, 2017 4:04 PM
thoromyr: You can always print half of the key (or however much is needed to operate the mechanism) and then turn the lock by inserting a tension wrench or screwdriver.
Also, there are services for submitting designs and having them printed in various sturdy materials (like metal). These have been successfully used to duplicate keys.
Plus – don’t forget old fashioned “subtractive” manufacturing / CNC. There’s a famous machine called the Easy Entrie for duplicating keys without matching blanks that uses this method together with laser scanning to read the original.
K15 β’ July 7, 2017 6:40 PM
How do you warn someone who has their keys in plain view, if you only have a public comm channel for doing so?
JG4 β’ July 7, 2017 9:20 PM
There are 3D printers that use metal powder, usually fused by laser. At least one of those systems then infuses the resulting porous stainless steel body with brass to make a strong metal composite. I’m too lazy to chase down the links, but you can find them on youtube and enough metal fusing videos to burn the rest of your time on the blue marble. Those systems aren’t likely to be portable enough to make the keys on-site.
Someone demonstrated a laser scanner that could read anyone’s fingerprints from a distance. I can’t recall if I saw (or posted) the link here, but that is likely. Any decent camera with a telephoto lens will have enough resolution to capture the image of a key from a significant standoff distance, any time that it is inserted into a lock outdoors. The threat model is evolving as surveillance becomes less expensive.
http://www.popsci.com/technology/article/2012-06/fingerprint-scanner-captures-prints-20-feet-away
Your conception of subtractive machining is due for an update; it no longer requires a 2200-pound vertical mill:
Hexapod Robot CNC Router – Cutting 3D face
https://www.youtube.com/watch?v=quN37YskoaM
Jim Rockford would be envious, but this is too much like Mission Impossible. It could easily make keys and could easily be powered from the cigarette lighter socket in a car.
11thDegreeBeigeBelt β’ July 8, 2017 2:43 AM
While sitting in a parked car, I witnessed a thief hopping a fence from the backyard of a suburban home then walk right by my car while carrying a stolen rifle and toolbox.
Just having guns inside your home doesn’t mean you’ll be able to use them, and in fact many guns are stolen like the one I witnessed. How many times do we read, “the crime was committed with a stolen gun?”
Responsible gun owners keep their guns in gun safes, but then they won’t be ready for a criminal. But if you keep your gun handy, it’s also inherently handy for someone to steal when you’re not at home, which is probably when most thieves intend to strike.
Also, having a gun increases the odds of a successful suicide attempt by someone in the household. Plus, if you mix in alcohol and an argument, the risk of murder goes up in households with a gun. You can run around the kitchen table away from a person waving a knife, but you can’t do that as effectively if he’s pointing a gun.
But I like guns! Some of my best friends are guns. I wish the government would stop regulating our freedoms and allow gun manufacturers to make guns without safeties, which are a huge government intrusion into my personal freedom. Everyone who loves guns as much as I do should own a minimum of ten and remove the safeties. What if a criminal comes in and I barely have time to drop my Jack Daniels and pull my 9mm from my mouth THEN FUSS WITH THE SAFETY — all before the thief gets me? Feel me?
Still, a big bottle of pepper spray and a loud dog are probably better. The dog works while you’re away. And it’s unlikely you’ll commit suicide or murder someone with pepper spray no matter how wasted and depressed you are.
Gerard van Vooren β’ July 8, 2017 3:00 AM
@ Clive Robinson, all,
Please watch the story of Tim Jenkin with the documentary The Vula Connection. Recently I visited a presentation by him at the Technical University in Eindhoven (The Netherlands) about what he has done in the seventies to early nineties for South Africa’s ANC. After the presentation we saw the documentary. As always the docu was more dramatized for the general public and the presentation was much more technical and funny. He talked about how he escaped from a SA jail with wooden keys that he sawed himself for each door. After the escape he moved to London to set up what he called his own “GCHQ” and created a simple OTP based crypto communication system (he said he didn’t trust NSA crypto and William Binney, who was also in the room, laughed and confirmed that suspicion by shaking his head). The communication system was meant for communication between the ANC leadership (outside of SA) and the other members of the ANC in SA. He improved the system over the years from manual encrypting / decrypting that took hours to a simple program on counted floppy disks with OTP (in the presentation he showed the BASIC code) that were distributed and the phone, with Londen as the go-between. With that the ANC leadership could send full blown tactical operational data to the other members.
In short a very interesting and informative documentary about a “Woody Allen” kind of techie with a clear vision who achieved so much.
Clive Robinson β’ July 8, 2017 12:04 PM
@ Gerard van Vooren,
With regards the story of Tim Jenkin, you make a comment about the NSA etc that would make many “old lags” like myself smile.
But interestingly you go on to say Tim created a system,
He improved the system over the years from manual encrypting / decrypting that took hours to a simple program on counted floppy disks with OTP (in the presentation he showed the BASIC code) that were distributed and the phone, with Londen as the go-between.
Which if you replace “London as the go-between” with Moscow Central and ANC with the Russian IC entity then that part of the story would be the same…
The NSA,for years tried to break the Russian system with no success other than when the Russian’s against all knowledge to not do so, reused a percentage of the KeyMat.
The problem with such a centralised system is of course “traffic analysis” of signals that get seen/intercepted, which manual OTP systems are quite vulnerable to. In that although as an analyst you do not get the message contents you do get message length and frequency of sending which gives a broad indicator of work and a fine indicator of changes to routines etc.
There are good reasons not to trust NSA cipher systems some of which I’ve detailed in the past. But the biggy goes back befor the NSA existed and is down to William F. Friedman, working at the privately financed River bank, and hints can be found in some of the River Bank Publication’s he authored.
Basicaly they quite deliberately put mechanical cipher systems into the hands of the armed forces that they knew had variable key strength, some of which (20-25%) were very weak. These were to be used as field ciphers.
The idea behind it[1] may well due to the dual function the NSA and it’s predecesors had. That is to make strong systems for the US whilst also attacking the ciphers of every other nation (and it would also appear now other US IC and associated entities as well including the likes of NATO). What is not certain is where the idea originated, because what is now the UK MI6 pulled similar tricks on the SOE and other entities prior to and during WWII (look up “Poem Codes”).
Further with the likes Tor and the way it’s been designed not to solve the more important “traffic analysis” issues strongly suggests the weak cipher system design game is still well and truely in play.
[1] The idea is relativly simple to grasp and hinges on who issues the KeyMat to be used and their crypto knowledge. If you assume that the cipher system has a range of key strengths from very weak through to strong enough to be secure for a week-month against all attack methods “You” are aware of, then the week-month strength is fine for a field cipher, where messages only have to remain secure for hours not days or weeks. However you also have to consider what happens when your cipher machine inevitably falls into the hands of the enemy. You know that they will pull it appart to find out the mechanics of how it works, and depending on their sophistication will analyse it for weaknesses to the level they can. However untill relatively recently outside of the US, UK, Russia and one or two other places crypto knowledge was to put it politely primative. Thus an enemy not as crypto sophisticated may well copy and use the design –as indeed happened after WWI and WWII– without being aware of the weaknesses the system has. Thus they will –not knowing about the key weakness– select keys at random, sometimes using strong sometimes weak. Unlike the crypto sustems designing agency, that also issues the KeyMat thus can ensure only the strongest keys are used. The thing is that the weak keys will alow the gathering of information that will allows known or probable plaintext attacks which will in most cases short circuit much of the work involved with breaking strong keys. It is known that during WWII both the UK and later the US were breaking enemy high level ciphers and decrypting the contents often before the enemy recipient for whom the message was intended. Certainly fast enough that even field ciphers would be broken in time for a tactical advantage to occur.
Gerard van Vooren β’ July 8, 2017 1:44 PM
@ Clive Robinson,
Which if you replace “London as the go-between” with Moscow Central and ANC with the Russian IC entity then that part of the story would be the same…
That’s funny. He said at the presentation that at some point, I can’t be sure whether it was the NSA or CIA, paid him a visit and they were convinced that he must have had Russian help. He said no, it’s just a random number generator and a bit of BASIC code.
But about the single point of access, that was indeed weak. The lucky factor is however that the SA counterintelligence didn’t have a clue about what was going on. So they didn’t wire tap the phone lines. If they did they would have noticed the modem sounds immediately and then it would be easy to trace where the lines would lead to.
Thunderbird β’ July 12, 2017 10:18 AM
Thus it’s the same issue as having a brief case with two three wheel combination (ie 2 x 1000 possibilities) and a central four or more wheel lock ( thus a six wheel would have 1 x 1000000 possibilities).
Gee, I can’t often take issue with anything Clive says, but a two-wheel and a four-wheel lock is not the same as a single six-wheeler, since you can brute-force the pair in 10^2+10^4 ~= 10^4 time instead of 10^6. (Note: I am assuming that you can detect when either of the locks is successfully unlocked). Similar to the old password crack where you can check each character separately except here you can check 4 characters and 2 characters separately.
Apologies if I mistook your meaning.
Clive Robinson β’ July 14, 2017 9:50 AM
@ Thunderbird,
Gee, I can’t often take issue with anything Clive says, but …
I suspect something has got lost in translation…
What I was saying is that a three wheel has 1000 combs to try thus two would give you 2000 to try. Which is a lot less than the 10000 a four wheel, or 1000000 that a six wheel would give you.
The Weather Underground β’ July 14, 2017 11:40 AM
@ Thunderbird,
Gee, I can't often take issue with anything Clive says, but ...
Careful there. You do realise what happens when you take issue with Clives words, don’t you?
All your hardware, in all space time direction and dimensions, gets bricked.
So, that includes the hardware you are yet to buy. It’s bricked. Your offsprings hardware? Bricked. All of it.
Hint: it has something to do with Clive sharing Chuck Norris’s DNA
Lost Car Keys β’ May 15, 2019 3:05 AM
Thanks for having this article, it helps a lot. Itβs a well-written blog and it is very informative. Keep on blogging, looking forward to see more of your posts!
key fob copy β’ December 3, 2020 2:39 PM
Yep, losing a key is not recommended to anyone but it happens mostly when we do multi-tasking at the same time. The key fob copy service is not expensive but what will happen if someone enters our house using these keys.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Sami β’ July 6, 2017 6:51 AM
Here in Finland we have a dominant key&lock company, Abloy, which would say that their most recent keys are secure because this “cannot” be done to them due to patents. They require licensed key cloning services to follow a process that demonstrates authorization and ensures that the number of copies in existence is always known. They always rush to introduce new kinds of keys before the expiring of a key patent. Personally, I find this “our keys cannot be cloned since it is illegal” quite ridiculous, though it certainly does seem to make it harder in practice since they could shut down anybody who makes or distributes blanks.
The locks are very high quality, though. Always makes me wonder how you survive in countries where locks are bad, although it probably doesn’t matter if you also make doors that open inwards and can be trivially kicked in.