Slashdot Mirror


Safecracking for the Computer Scientist

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

10 of 322 comments

  1. Well so much for the PDF... by yuriismaster · · Score: 4, Informative

    C'mon, you expected a 2.5 MB file to last...

    Here's Google's HTML-ification of the pdf (sans said 'pretty pictures')

  2. Mirror by hardlined · · Score: 5, Informative

    http://shell.athenet.net/~files/safelocks.pdf

  3. A Companion Piece... by stankulp · · Score: 5, Informative

    ...The MIT Guide to Lock Picking

    Don't leave home without it.

    --
    We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
  4. Re:The shocking secret the industry wants covered by morcheeba · · Score: 4, Informative

    If 00000000 is an acceptable nuclear missile secret launch code, then 12345 has got to be NSA-level security!

  5. Re:Better Safe Cracking through Chemistry by iggymanz · · Score: 4, Informative

    Uh-huh, ever try to drill a *small* hole into armor plate with man-portable power tools? Please try that sometime, I would recommend warming up by attempting said feat on an iron beam used to make the average American skyscraper. I actually tried that in my apartment in Chicago to mount something in the window; once through the drywall my eighth-inch titanium nitride bit powered by third horsepower motor did nothing more than polish the steel. Embarrassing. Anyway, to put in water and explosive you'll need what, a one-inch hole? Maybe an oxygen lance would be better.

  6. Re:Better Safe Cracking through Chemistry by deanpole · · Score: 4, Informative

    The verb is to "tamp". It makes an explosion more effective by physically constraining it. For example a stick of dynamite if left on a road will create a pothole a foot or two deep. Whereas several sandbags placed on top will create a crater multiple feet deep. The improvement results from directing the explosive force, but also by helping the explosive fully combust. In fact the need to tamp is the difference between a "high" and "low" explosive. The latter being able to burn under the right conditions.

  7. No Big Secret by Dun+Malg · · Score: 4, Informative
    The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there).

    A good locksmith specializing in safes doesn't care if you know how safes are opened-- on the contrary, they'll tell you all about it. The job of a competent physical security professional is to give the client a straight and honest description of how the product works and what its weaknesses are, and safes are no exception. I've worked for a locksmith for the last ten years and it's company policy to show clients exactly what they're getting and/or what they already have. With safe openings, my boss explains exactly what he's doing and how it all works. Admittedly, there are a lot of locksmiths who think this should all be top secret stuff, but they're just fooling themselves. All the info is out there. There's no official schooling for locksmiths, and no coherent regulation of the profession. Subsequently, there's no way to really keep the information out of the hands of "criminals" while still allowing access for beginners trying to start out in the profession. You can join the Associated Locksmiths of America essentially by just saying you're a locksmith, although you'll be approved for membership quicker if you have the recommendation of an existing ALOA member. Once you have an ALOA membership number, you're a locksmith as far as the "keepers of the knowledge" are concerned. Heck, you don't have to have anything but fifty bucks and a mailing address to subscribe to The Locksmith Ledger, and they frequently have articles on opening various safes.

    Really, none of the techniques outlined by Mr. Blaze in the PDF are any big secret. Anyone with access to such a lock mechanism (buy a safe and you've got one) and a little brainpower can figure all that stuff out. The thing is, drilling a safe requires fairly specialized tools and is very noisy. Manipulating a safe requires a lot of practice, and even an expert can take a LONG TIME to get into a safe. There are no astounding revelations there. Walk into my boss' locksmith shop and he'd show you all that. I've tried my hand at both drill penetration and manipulation, and there are no "secrets" that make any of that stuff easy. At best, the knowledge just makes it possible-- and that knowledge is available through simple observation.

    --
    If a job's not worth doing, it's not worth doing right.
  8. Re:The perfect safe by Dun+Malg · · Score: 4, Informative
    The perfect safe is a computer controlled one. You can't crack a PIC controlling a solenoid-lock that is deep within the safe. And as long as there is a limit on combinations attempted per second, some sort of automatic combination guessing device is impractical, too.

    They make those, but my boss refuses to install them anymore, even if the customer wants it. We've seen too many cases of fritzed electronics, dead batteries, and broken wires with those things. I have only once seen a regular mechanical combo lock fail spectacularly, requiring drilling to open the safe, and in that case the lock "worked badly" for WEEKS beforehand (but the customer, of course, waited till it broke). Electronic locks tend to have binary failures: they work fine up until the point where they don't work at all.

    --
    If a job's not worth doing, it's not worth doing right.
  9. Re:The shocking secret the industry wants covered by HeghmoH · · Score: 4, Informative

    I believe the original poster simply misremembered the combinations mentioned in the book. My memory may have been corrupted by seeing your post, but I'm pretty sure the combinations in this story were 50-25-50 and 25-50-25.

    Oh wow, I love Amazon. Find Surely You're Joking, Mr. Feynman! on Amazon and use the search function to look for "Safecracker meets Safecracker". Click on the last link on the first page, and you can find the exact text. The combinations in the book are actually 25-0-25 and 50-25-50. It also turns out that it only opened 1/5th of the safes, not 1/3rd. That book search rules!

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!