Slashdot Mirror


Safecracking for the Computer Scientist

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

24 of 322 comments

  1. slashdotted by jon787 · · Score: 2, Funny
    The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do.

    How about a safe holding up to the /. effect, hmmm?

    wgetting it at 12 K/s :(
    --
    X(7): A program for managing terminal windows. See also screen(1).
  2. Unable to determine IP address by fire-eyes · · Score: 1, Funny

    While trying to retrieve the URL: http://www.crypto.com/papers/safelocks.pdf

    The following error was encountered:

    Unable to determine IP address from host name for www.crypto.com

    The dnsserver returned:

    No DNS records


    That's helpful.

    --
    -- Note: If you don't agree with me, don't bother replying. I won't read it.
    1. Re:Unable to determine IP address by NanoGator · · Score: 4, Funny

      "Unable to determine IP address from host name for www.crypto.com"

      Wow, that's pretty darned secure!

      --
      "Derp de derp."
  3. Re:not that obscure by Spellbinder · · Score: 3, Funny

    you have to be able to read
    so it is quite obscure

    --


    stop supporting microsoft with pirating their software!!!!!
  4. The shocking secret the industry wants covered up by Anonymous Coward · · Score: 5, Funny

    All safes open using a maintenance combination of 12345.

  5. Re:spoof? by sfjoe · · Score: 4, Funny

    Did anyone else read the headline and think this was some horrible spoof on "Queer Eye for the Straight Guy"?

    Well, now that you mention it ... no.

    --
    It's simple: I demand prosecution for torture.
  6. (sarcasm mode) by t_allardyce · · Score: 1, Funny

    It's all these damn troublemaking hackers and lock-pickers figuring out how to do it! Damn commies.

    --
    This comment does not represent the views or opinions of the user.
  7. Re:The shocking secret the industry wants covered by KillerDeathRobot · · Score: 5, Funny

    That sounds like the combination some idiot would have on his luggage.

    --
    Thinkin' Lincoln - a web comic of presidential proportions
  8. Re:spoof? by big+tex · · Score: 2, Funny

    Except that 'funny' mods don't get karma.

    Other than that, which forms the entire body of your argument, you're spot on.

    Me, I was amused by the name of the safe-cracking book mentioned in the PDF: "The Art of Manipulation." I'm sure that's the name of a low-budget pr0n film.

    --
    I think I need a new sig here.
  9. Re:cse professor by big+tex · · Score: 5, Funny

    To top it off, his mastery of punctuation and the Shift Key is far better than yours.

    --
    I think I need a new sig here.
  10. Re:The shocking secret the industry wants covered by R2.0 · · Score: 5, Funny

    True story.

    I needed access to a secured room of a building my company was renovating. It had a pushbutton type combination lock on it (or some such). I asked the combination, and the maintenance superintendent said "1-2-3-4-5". I immediately blurted out "1-2-3-4-5? That sounds like the combination some idiot would put on his luggage." Straight Pavlovian response to a Mel Brooks straight line.

    It was only after 5 seconds of being stared at that I realized that the Superintendent had intentionally set that combination, and he was NOT a "Spaceballs" fan.

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  11. Hacker vs cracker by AtariAmarok · · Score: 4, Funny

    This one throws a monkey-wrench in the works of the old "hacker vs cracker" argument. If someone is a redneck safe-cracking computer scientist from Georgia, what category do they fall into? Hmmm?

    --
    Don't blame Durga. I voted for Centauri.
    1. Re:Hacker vs cracker by forceflow2 · · Score: 2, Funny

      My dad :-(

  12. Re:The shocking secret the industry wants covered by oman_ · · Score: 3, Funny

    So I was reading the DaVinci Code and the main characters discovered that the account number for a Swiss bank account was the first several digits of the Fibonacci sequence.

    The first thing I thought to myself was:
    "That sounds like the combination some GENIUS would have on his luggage!"

    --
    Rats would be more funny if they could fart.
  13. Re:Considering the audience... by MrLint · · Score: 5, Funny

    ...is posting safe-cracking techniques on /. responsible behaviour?

    Well I don't think we have much to worry about here. As most /. readers wouldn't be able to get past the 1st level of physical security around any safe. Namely the door at the top of the stairs to their parents' basement ;)

  14. Re:Considering the audience... by forceflow2 · · Score: 2, Funny

    That's not fair, I live upstairs. I take offense for all of us readers who can't even make it to the stairs.

  15. Re:not that obscure by Arctic+Fox · · Score: 5, Funny

    Ever read /. at -1?
    You'll discover that you are incorrect, Sir.

  16. Re:The shocking secret the industry wants covered by vspazv · · Score: 3, Funny

    They changed the timeclock override password at work from 00000 to 12345 because the button broke from overuse :)

  17. Re:Best home safe is a home vault... by Anonymous Coward · · Score: 1, Funny

    And then wrap the whole thing in tin foil. You know, just to make sure.

  18. New PIN posted *on* the door by xixax · · Score: 4, Funny

    I walked past the gym we have in the basement of our building. When too many (non-entitled) people started using it, they changed the PIN on the door. I know this because some Brainiac posted an apologetic notice on the door that helpfully included the *new* PIN for regular gym patrons.

    Unfortunately it was taken down before I could take a picture of it.

    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
  19. [I stole this post, don't know from where] by narcc · · Score: 3, Funny

    I tried that myself with my new Quanilon(tm) quantum CPU from AMD. The problem I had, was when the cooling fan failed the CPU overheated -- causing the probability wave to collapse -- and my cat died...

  20. Re:The shocking secret the industry wants covered by morzel · · Score: 2, Funny
    3. Something you are
    Yeah... Because we all know it's a good idea to have criminals need (a part of) you to get access to whatever it is they want.

    I do agree with the other points though.

    --
    Okay... I'll do the stupid things first, then you shy people follow.
    [Zappa]
  21. Re:The shocking secret the industry wants covered by Randy+Wang · · Score: 4, Funny

    Bah. A real genius would set his combination to the LAST few digits of the Fibonacci sequence ;-)

    --
    --- Egads, I glow in the dark!
  22. Re: Multiple levels of encryption weaker? by EsbenMoseHansen · · Score: 2, Funny

    Please explain to me what 0.7 bits is? ;-)

    Sorry for nitpicking, but the above statement is rather silly, unless you can think up a way of generalizing the definition of a bit to include rational numbers ;-)

    As we both know, this is totally beside the point :) The point of course, was that by more bits we don't mean shifting the original letters more, we mean shifting the letters in more ways. Eh. Approximately.

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.