Slashdot Mirror
Safecracking for the Computer Scientist
secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS
professor best known for finding security flaws in the NSA Clipper Chip
and in master keyed
locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site
entitled Safecracking for the
Computer Scientist, which is a pretty in-depth look at what
computer security can learn from safes (and vaults). The interesting
thing is that it describes in detail the different ways that safes are
cracked, probably revealing techniques that locksmiths would rather you
didn't know about (there's a lot of security-by-obscurity there). The
conclusion seems to be that while safes can fail, at least they do so
in better ways than computer systems do. Warning: it's a
2.5 meg pdf file with lots of pretty pictures."
heheh, I think there's problem of a growing number of people who don't *bother* to read, though they have the gift of literacy. I don't think most computer geeks are guilty of that, however - everyone I know who's into IT in some also likes to read real live physical books.
But seriously, does anyone else get the sense that "I read that as X" posts are some sort of troll or karma whoring? Is there a secret society of trols out there that have devised this as a karma raising scheme?
I see the same thing with, "Laughing so hard X was coming out my nose." Come on. As an adult, unless have a serious degenerative disease affecting your ability to control bodily reactions, that doesn't happen.
Or am I completely alone in this?
I propose we adopt a new years resolution of not modding these type of posts up.
I think his comparison is on to something here.
A good safe is designed in layers, so that to get in, you have to break through each layer. And the more layers, the more time it takes. Safe-makers know no safe is completely secure, and all safes are crackable.
Time is the enemy of anyone looking to commit theft/robbery, whether that person is working physically or digitally. So the longer it takes the more secure the system it is.
While we defeinitely know security by obfuscation is stupid in terms of computer security, safety by layers makes sense.
If there were several layers of encryption (asymmetrical and symmetrical), compromising the system takes more time, and if one layer fails, the game isn't over just yet.
Admittedly secure traffic would be much slower than unsecured traffic, the benefits of this kind of layered approach would be more than worth it for data that needs to be as secure is possible.
You can't defeat physics.
The challenge for IT security is that computer science loves to use abstractions, encapsulation, APIs, libraries and what not that let the programmer ignore the details of the internal complexity of systems. The problem is that it leads one to assume that these systems behave in some idealized fashion (the logical, black-box model of the system). In reality, the systems don't always follow the assumed logical model or the ignored internals create side-effects that are unforeseen by the original programmer, but exploited by malicious actors.
For example, assumptions about metadata and syntax give rise to buffer overflow or malformed string exploits. In trusting that an input string will be its stated length or follow the official syntax, the programmer adheres to the logical model of the system but creates a vulnerability. Similarly, physical power consumption artifacts can let a cracker guess the state or internal activities of a smartcard encryption chip. The original programmer is unaware that the code creates these artifacts since most coding paradigms ignore issues such as the exact execution time of subroutines, power consumption of CPU instructions, etc.
Becoming security conscious means unlearning all the tricks that let a programmer ignore the complexity inside a system. It means understanding the real behavior of all the internals, all the side-effects, and all the system properties that might be observable or influenceable by a malicious party. That makes programming for security very different and very much harder that standard programming.
To mangle a metaphor, security means that one must peel the onion to ensure that it does not have contain an open door in its core.
Two wrongs don't make a right, but three lefts do.
Similarly, you can have as many security layers as you wish but if you forget to weld the back end of the safe or network on than they still do nothing for security... your only as secure as your weakest point of security.
If I remember correctly, Feynman used what many safe crackers and computer crackers still use today: the human factor. He relied partially upon secretaries writing combinations on desk notes and mechanical failings of filing cabinets. When you have lazy people who can't remember passwords/combinations, it becomes an exercise in getting the combination from people.
The chapter in Surely You're Joking only mentions two or three instances where he actually used stuff like that. Once when some other people needed a safe opened, and the people thought he might use a date. Feynmann tried every date in the 1900s* until he found what it was. Another time he needed something, and tried a couple mathematical constants, and 27-18-28 opened it. But that's about as far as he pushed that method.
Most of what he talks about that chapter was when he was able to figure out the last two numbers in someone's combination by fiddling with the lock when it was open. So the only human factor there was just people leaving their safes open.
*Rounded to the nearest multiple of 5
It also takes a lot longer. If you're questioning everything the C library is doing, you're going to spend all your time trying to break your own program before you've even written it! Something has to give somewhere.
From the PDF:
There are a few obvious things you can do, like avoiding unbounded reads, trimming down your strings, validating your input, etc., but who's going to think twice about calling fd_set()? Yet there's a vulnerability in the implementation of fd_set() on *BSD which could lead to denial of service or code execution. What's more, it's a tricky and subtle problem which even experienced programmers might miss. (It's also subtle and tricky to exploit.)
(It also affects more apps than the ones listed in the link there, and also affects some FreeBSD, and in theory might affect Linux. I'd post more links, but I'm short on time and long on the to-do list.)
So in short, you aren't going to have time or space in your head to know everything. But if you do the few obvious things, you'll greatly increase the security of whatever you write.
How am I supposed to fit a pithy, relevant quote into 120 characters?
IOW, you can't brute-force a 256-bit key.
Swear to God I want a "-1, Surely You're Redundant, Mr. Feynman" moderation just now.
Not /specifically/ directed at you, but the editors coulda saved a couple hundred posts if they'd mentioned him in the summary.
Yahoo! Pipes are awesome. How awesome? http://pipes.yahoo.com/jesdynf/slashdot
Yes, the problem in our society is not illiteracy, but aliteracy: nearly everyone can read, it's just that they don't.
Good safes tend to "fail secure" -- that is, when something goes wrong, you can't get into it even with the right combination. The only reason this is acceptable is there's still ways into the safe without damaging the contents. They're expensive (hardened drill bits ain't cheap!), require esoteric tools and knowledge, and hopefully take a lot of time and make a lot of noise, which a cracker doesn't want to do. Encryption, if it fails for some reason, is as hard to break for the legitimate user as it is for the cracker. Fortunately, it doesn't fail that often --- except for good old human factors, like the guy with the key forget it, lost it, or dropped dead.
That's iron oxide (rust), by the way. Anyway, was just making the point that to drill a safe or vault that actually held something of great value (not the $150 sheet-metal-coated-concrete type you get at Walmart or Office Depot) won't be like what you see in the movies: someone reaching into a pouch under their coat and pulling out a carpenter's cordless and making a half inch or bigger hole in a half foot or more of armoured steel. Now, if they have a Ford F-3 parked on the street, running a construction generator pumping out a few dozen amps at 240VAC, with a bundle of cables & hose coming into the door, and a drill motor with more power than a driving lawnmower, then yes, a man can "quickly" drill a hole in a half foot or more of armor.
Why on earth doesn't Slashdot set up a mirror first then link to that instead of bringing down people's websites? Bit/BlogTorrent are free last I checked. Linking to a 2.5MB file?! It's almost like they want the site to go offline.
There was a guy with Tsunami Videos on his blog which ended up costing him $1,000 before he knew what hit him. Does Slashdot compensate those with huge bandwidth bills? or give any warning prior to linking to something like a pdf?
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
Actually, the S&G lock he showed is pretty much current industry standard design. They're not as easy to manipulate as they sound. The principle is very simple, but the practice is extraordinarily difficult.
Even a cheap $2 Master pad-lock, as he briefly mentioned in two sentences on page 31, has false gates on the wheels, basically defeating all the simplistic techniques mentioned in the article.
They don't generally use false gates on the wheels of safe locks because the fence doesn't ride on the wheels while they're turning. The fence only drops down to contact the wheels when that smaller brass wheel in front is rotated so that thar hook shaped piece falls into it. False gates can make it more difficult to figure out where the real gates are, but the fact that they have a bottom and are not as deep as the real gate make them susceptible to the exact same analysis as a non-gated wheel pack. I think you are not entirely understanding how these locks work and the methods of manipulation he describes.
Although he states that these false gates are easily identified, trust me, they are not.
Trust you? You think an S&G 6730 lock (retail price $115.02, my price $69.01, 5 of them currently in stock at my lock supplier's warehouse in DC-- I just checked their online catalog) is "at least a hundred years old" and expect me, a locksmith with 10 years experience learning from a boss with 30 years experience, to trust your analysis? Please.
--------
Funny you should mention, but those cheap master locks with the false gates is absurdly easy to manipulate. As a locksmith I'll probably be banned from our secret society meetings for telling y'all this; but here, try it at home:
First off, those false gates are only on the last wheel-- the first to wheels are smooth except for the combination notch. Second, the "keyspace" for those master combo locks is a lot smaller than it looks. The dial may be numbered 0 through 39, but you can be within 1.5 in either direction of the correct number and the fence will drop in. For sake of ease of implementation of my manipulation method, I usually round that down to 1.25 because this allows me to divide the wheel into 16 increments 2.5 apart. So effectively the possible numbers are 0 2.5 5 7.5 10 12.5 etc.-- basically each of the numbers marked on the dial face and the halfway mark between them.
So now you have a keyspace of 16 * 16 * 16, or 4096 combinations. This is still a pretty big number, so let's reduce it. Pull up on the shackle and "feel" each of the points where there's a false gate on that last wheel. Around a certain number range it will feel "loose" because these lock wheels are never perfectly round and the fence of the lock will be stopped by the other two wheels. Once you find this loose space, you have a way to check if the other two wheels are correct. If they are, the fence will drop into them and your will feel friction at that formerly loose position. At that point you need only turn the dial until the third wheel gate is aligned and it pops open.
You only need to go through 16 * 16 = 256 combinations on those other two wheels to find the combination. And you don't have to "clear" the lock after each try either: You set the first wheel at (say) 2.5, then spin around to 0 and see if it rubs. If it doesn't turn back the other way again to advance the second wheel to 5 then see if the third wheel rubs. Then go back and advance the second wheel to 7.5 and check the third wheel. Do this 16 times and you've checked all the combos beginning with 0. Reset the lock (4 spins) and try the ones that start with the first wheel at 2.5. continue this process until lock opens.
The longest one of these has ever taken me is 20 minutes.
If a job's not worth doing, it's not worth doing right.
I'm a locksmith and any locksmith with half a brain should know that all of this is commonly available information. Certainly a few old fogies who think locksmithing is some sort of secret society like the Freemasons would pitch a fit if the customer wanted to see the inside of his safe lock. Or maybe they're pissed because they've been telling customers that the safes they're selling are "impenetrable", but if that's the case then they're the idiots. I have personally showed the various "safecracking" techniques to customers and let them try their hand at manipulating a combo lock. The theory is simple, but the implementation is darn near impossible without years of experience and practice. I've never had a customer decide not to buy a safe because I showed him how they're cracked and he thought it was "too easy". Basically, what it comes down to is that there's no such thing as 100% security. You Can pay more money and add more complication to get "more 9's", but a Star or Horizon in-floor burglary safe will keep out all but the most determined intruder. Honestly, any locksmith that thinks there are any "trade secrets" in the industry is foolig themselves. Anyone can get an Associated Locksmiths of America membership and a business license, and from there buy books that explain it all.
I seriously doubt that posting this on slashdot is going to lead to a massive upswing in safecracking. The one thing I've noticed in the business is that (weird as it sounds) most people are basically honest! Besides, safecracking isn't fast enough for most criminals. Most safe burglaries happen when someone knows the combination, either having been entrusted with it, watching someone else dial it, or finding it written down in a drawer somewhere.
If a job's not worth doing, it's not worth doing right.
This problem is quite common in all the countries where literacy levels should be at 100%. In reality, about 20% of Britons have very poor literacy skills; in Switzerland, it's more than 30%.
Some studies have linked poor literacy to excessive TV viewing. People can't read because they don't read.
Man is a slave because freedom is difficult, whereas slavery is easy.
Personally, I think mass public distribution is better. It better serves to destroy the "security through obscurity" mindset held by a lot of locksmiths. It's not like any of that information is a magic back door that lets one defeat safes with the wave of a hand. It's a straightforward and honest examination of the design limitations inherent in these locks. It shouldn't be "kept quiet" so that only those who think to go looking for it find out; everyone considering these for physical security should know about it. The very fact that there are locksmiths out there who think this should be kept quiet is why this needs to be broadcast as publicly as possible, because people clearly can't depend upon those particular idiot locksmiths to tell them what they have the right to know.
If a job's not worth doing, it's not worth doing right.