Safecracking for the Computer Scientist
secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."
The information for the way that locksmithing is done (including lock picking) is available in most libraries. Ditto for safe and vault construction methodologies for the past 120 years.
C'mon, you expected a 2.5 mb file to last...
Here's Google's HTML-ification of the pdf (sans said 'pretty pictures')
http://mirrordot.org/stories/a98b5b5fc2096a7b567c4b2e77ca0f1f/safelocks.pdf
Google HTML cache of the PDF:
http://64.233.161.104/search?q=cache:uKCwKOYICgkJ:www.crypto.com/papers/safelocks.pdf+safelocks+crypto&hl=en
-JD
http://shell.athenet.net/~files/safelocks.pdf
Don't leave home without it.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
Um ... only partly due to social engineering and fast thinking.
For the rest he either tried the standard shipping combinations (25-0-25) or (50-25-50); in many cases the safe combinations were never changed from the "default" combination.
For the rest, he would lean on the safe, twiddling the dial in what appeared to be a random, nervous twitchy thing, when in fact he was trying different combinations in increments of 5 digits. Those locks had rather wide notches in the wheels, and would respond rather nicely (with those nice rounded shoulder cuts) to a number +/- 3 digits. He only had to try numbers in steps of five to come close enough to get the lock open. Remember, he wasn't trying to get the EXACT number, just get the thing open.
He'd return to his office, and note the combination for that particular safe and write it down. Ah, security.
If 00000000 is an acceptable nuclear missile secret launch code, then 12345 has got to be NSA-level security!
HIV Crosses Species Barrier... into Muppets
Yep, same technique used by Robert De Niro in The Score. To which when questioned if the concept would work he replied "It's physics".
/me runs to the convenience store with an aquarium heater and balaclava.
So is it chemistry or physics that makes this work? I suppose the pressure generated by the explosion is the main factor to success but what about a purely chemical reaction via an exothermic reaction in the water causing it to expand....
If You Drink, Don't Park, Accidents Cause People.
Locks, Safes and Security: An International Police Reference Two Volumes is apparently a wonderful book all about the history of lock-picking and its evolution, including ways in which things were overcome. Although the book is a bit pricey.
Uh-huh, ever try to drill a *small* hole into armor plate with man-portable power tools? Please try that sometime, I would recommend warming up by attempting said feat on an iron beam used to make the average American skyscraper. I actually tried that in my apartment in Chicago to mount something in the window; once through the drywall my eighth-inch titanium nitride bit powered by third horsepower motor did nothing more than polish the steel. Embarrassing. Anyway, to put in water and explosive you'll need what, a one-inch hole? Maybe an oxygen lance would be better.
The verb is to "tamp". It makes an explosion more effective by physically constraining it. For example a stick of dynamite if left on a road will create a pothole a foot or two deep. Whereas several sandbags placed on top will create a crater multiple feet deep. The improvement results from directing the explosive force, but also by helping the explosive fully combust. In fact the need to tamp is the difference between a "high" and "low" explosive. The latter being able to burn under the right conditions.
I see the same thing with, "Laughing so hard X was coming out my nose." Come on. As an adult, unless you have a serious degenerative disease affecting your ability to control bodily reactions, that doesn't happen.
It can happen, if something really funny comes up at just the wrong moment. I had it happen to me a couple years ago with lemonade as I was playing Scattergories with some friends. Lemonade is actually quite painful in the sinuses.
That said, I'm sure that 99.9% of the times you see that it's not true.
A good locksmith specializing in safes doesn't care if you know how safes are opened-- on the contrary, they'll tell you all about it. The job of a competent physical security professional is to give the client a straight and honest description of how the product works and what its weaknesses are, and safes are no exception. I've worked for a locksmith for the last ten years and it's company policy to show clients exactly what they're getting and/or what they already have. With safe openings, my boss explains exactly what he's doing and how it all works. Admittedly, there are a lot of locksmiths who think this should all be top secret stuff, but they're just fooling themselves. All the info is out there. There's no official schooling for locksmiths, and no coherent regulation of the profession. Subsequently, there's no way to really keep the information out of the hands of "criminals" while still allowing access for beginners trying to start out in the profession. You can join the Associated Locksmiths of America essentially by just saying you're a locksmith, although you'll be approved for membership quicker if you have the recommendation of an existing ALOA member. Once you have an ALOA membership number, you're a locksmith as far as the "keepers of the knowledge" are concerned. Heck, you don't have to have anything but fifty bucks and a mailing address to subscribe to The Locksmith Ledger, and they frequently have articles on opening various safes.
Really, none of the techniques outlined by Mr. Blaze in the PDF are any big secret. Anyone with access to such a lock mechanism (buy a safe and you've got one) and a little brainpower can figure all that stuff out. The thing is, drilling a safe requires fairly specialized tools and is very noisy. Manipulating a safe requires a lot of practice, and even an expert can take a LONG TIME to get into a safe. There are no astounding revelations there. Walk into my boss' locksmith shop and he'd show you all that. I've tried my hand at both drill penetration and manipulation, and there are no "secrets" that make any of that stuff easy. At best, the knowledge just makes it possible-- and that knowledge is available through simple observation.
If a job's not worth doing, it's not worth doing right.
They make those, but my boss refuses to install them anymore, even if the customer wants it. We've seen too many cases of fritzed electronics, dead batteries, and broken wires with those things. I have only once seen a regular mechanical combo lock fail spectacularly, requiring drilling to open the safe, and in that case the lock "worked badly" for WEEKS beforehand (but the customer, of course, waited till it broke). Electronic locks tend to have binary failures: they work fine up until the point where they don't work at all.
If a job's not worth doing, it's not worth doing right.
That technique was used in the movie "The Score". I'm not sure that it would work on a real safe using a small charge. Also, you would have to drill two holes, one to let water in and one to let air out, or it is going to take a long time to fill.
A guide to science in movies - comments on the movie the score
Anarchists never rule
According to http://www.cis.upenn.edu/departmental/faculty/ the CIS faculty of Penn Uni has a faculty member named Assoc. Prof. Matthew Blaze.
If you break open a firecracker (many will come apart just by applying pressure to the middle with your thumbs, holding the ends with your index fingers, like snapping a twig) and light the exposed ends of scary explosives, all they'll do is fizzle a bit and make pretty sparks.
Without containment, there's no pressure to build up, and explosives typically don't explode, but just burn quite rapidly.
So, reinforcing firecrackers can make them a lot louder/destructive.
SCO employee? Check out the bounty
But who knows if the combined algorithm has a flaw that neither algorithm had, separated?
As for simple layering the same protocol, consider this (silly example): Exchanging each letter with the letter n positions further along the alphabet does not get more secure by being done multiple times.
The same holds true for 3DES and every asymmetric encryption method I have seen.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
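Added example, not part of the original thread: the letter-shift case from the comment above, worked through in Python and extended to affine ciphers, which likewise collapse to a single key when layered. The sample plaintext, the keys, and all function names are constructed for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
M = len(ALPHABET)  # 26

def affine(text, a, b):
    """Map each letter x -> a*x + b (mod 26); a must be coprime to 26."""
    return "".join(
        ALPHABET[(a * ALPHABET.index(ch) + b) % M] if ch in ALPHABET else ch
        for ch in text
    )

def shift(text, n):
    """The comment's cipher: move each letter n positions along the alphabet."""
    return affine(text, 1, n)

def layered_shift(text, keys):
    """Apply one shift per key, in order (the 'done multiple times' case)."""
    for k in keys:
        text = shift(text, k)
    return text

def equivalent_shift(keys):
    """Single key with the same effect as all the layers together."""
    return sum(keys) % M

def compose_affine(first, second):
    """Single (a, b) equal to applying `first`, then `second`."""
    (a1, b1), (a2, b2) = first, second
    return (a2 * a1) % M, (a2 * b1 + b2) % M

def brute_force_shift(ciphertext, crib):
    """Try all 26 keys; return those whose decryption contains the crib."""
    return [k for k in range(M) if crib in shift(ciphertext, -k)]

# Constructed sample input (assumed plaintext and layer keys).
PLAINTEXT = "the combination was never changed from the default"
LAYER_KEYS = [3, 11, 19, 7]

if __name__ == "__main__":
    ct = layered_shift(PLAINTEXT, LAYER_KEYS)
    print(ct)
    print("equivalent single key:", equivalent_shift(LAYER_KEYS))
    print("keys found by 26-try search:", brute_force_shift(ct, "default"))
    print("affine (5,8) then (7,3) ==", compose_affine((5, 8), (7, 3)))
```

Four layers still leave a search space of 26 keys, because the set of shifts is closed under composition; the same closure holds for the 312 affine keys.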
I believe the original poster simply misremembered the combinations mentioned in the book. My memory may have been corrupted by seeing your post, but I'm pretty sure the combinations in this story were 50-25-50 and 25-50-25.
Oh wow, I love Amazon. Find Surely You're Joking, Mr. Feynman! on Amazon and use the search function to look for "Safecracker meets Safecracker". Click on the last link on the first page, and you can find the exact text. The combinations in the book are actually 25-0-25 and 50-25-50. It also turns out that it only opened 1/5th of the safes, not 1/3rd. That book search rules!
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Dude you would need a hell of a drill to punch a 1/8" hole through an I-beam without a pilot hole. Milwaukee makes one, it's basically a portable drill press with a badass electromagnet in the base of it. It costs about as much as a pretty good used car. Failing that, you go buy a complete drill index -- it's a set of drills that start a little bigger around than wire and get bigger in 1/64" increments -- and you start with a very tiny one and drill a pilot hole. Use a sharp punch and a hammer to make a little dimple to start the drill. Then you work your way up through the index to the size hole you want. And, use oil. A couple drops at a time of light machine oil. Also low speed, not high. The speed and feed rate might be found in a manual but it's really a matter of feel. It's slower than you think.
To the poster below who is worried about the integrity of a building after a hole is drilled through a beam, calm down. It's a building not a jet fighter. You'd have to spend your life on the end of a drill to make enough holes to undermine the redundancy in any code-compliant building.