Slashdot Mirror


Safecracking for the Computer Scientist

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

26 of 322 comments

  1. Re:The shocking secret the industry wants covered by EvanED · · Score: 4, Interesting

    Surely You're Joking, Mr. Feynman has a chapter called "Safecracker Meets Safecracker." It describes his time at Los Alamos during which he repeatedly opened people's safes. (The ease with which he did this was actually quite disturbing.) Anyway, at the end of the chapter, he talks about how he learned that a particular lock came factory set at either 0-30-0 or 60-30-60 (I think those were the two), following which the owner would change it to something more secure.

    He said he went around Los Alamos after he learned this trying those two combinations and opened about 1/3 of the locks with one or the other.

  2. Best home safe is a home vault by swb · · Score: 4, Interesting

    Pick a corner area of your basement. Build a concrete block room, filling the block voids with concrete and rebar. Put a roof on the block room made out of steel plate, anchored to the block walls, and add another 4" of concrete and rebar on top of this.

    For the entrance, use two doors. The inside door should be a vault door (better gun safe door hung on a frame with inside release). Outside door should be steel fire/security door with steel frame and heavy locks. Outside door is just to be time consuming to get to the inside door.

    This wouldn't be all that expensive, either, considering a high-end gun safe alone is $5k pretty easily.

    1. Re:Best home safe is a home vault by big+tex · · Score: 4, Interesting

      If you are going to all of that trouble, why use block masonry?

      To make a good strong wall, you should have reinforcement in both directions. Standard blocks don't have the notches for horizontal rebars, leaving you only with vertical reinforcement.

      Even more, CMU's aren't really high-strength concrete. The problem is impact resistance, jackhammers and the like.

      Best bet:
      Concrete wall, 6"-12" thick. When you pour it, use a piece of steel plate for the inside form.
      Now we're talking painful demolition.

      --
      I think I need a new sig here.
    2. Re:Best home safe is a home vault by ckedge · · Score: 4, Interesting

      When the family grocery store burned down the only thing left was the safe, which is where the lottery tickets and other such important/like-money-but-not-money type things were kept overnight. Of course having been in the middle of an inferno for 6 straight hours left it such that it couldn't be opened using the combination or door.

      My Uncle called the safe company, and they faxed him some instructions and told him to take it to the local autobody shop. At which point we learned why safes of that size are so damn heavy. Outer and inner boxes of thick steel, with the inner space filled with concrete!! (It's hard to get through and it insulates against fire..)

      A couple hours of careful torching and hammering later and only one corner of one document came out singed - everything else was fine.

  3. Massive Keyspace? by macz · · Score: 2, Interesting
    From the paper:
    There is much that information security can learn from physical security, and a careful study across the two disciplines should strengthen both of them. One of the most interesting aspects of physical security's methodology is its ability to very closely measure both the capabilities of the attacker and the resistance of various mechanisms to specific threats, as well as to compose these metrics in useful ways (e.g., to determine the required response time of an alarm system). Nothing approaching these kinds of metrics exists in information security.

    Isn't the use of ever increasing keyspace sizes in encryption algorithms (i.e. SHA256, SHA512, SHAadInfinitum) at a pace slightly higher than Moore's law effectively doing this now?

    I can't count how many times I have read "...will take longer than the age of the Universe itself to brute force this /insert encryption scheme of choice here/..." when reading about some new fangled encryption scheme. Naturally, that claim is based on computational power at the time, but doesn't this exactly dispute his claim?

    We can be better at it, sure. But computer security systems are designed with at least SOME regard for the notional hacker's motive, opportunity, and skill level.

    --
    ...But I digress. TREMBLE PUNY HUMANS!ONE DAY MY SPECIES WILL DESTROY YOU ALL!
    1. Re:Massive Keyspace? by EvanED · · Score: 2, Interesting

      Only slightly related, but I found this interesting. It's a few people who broke the "security" of PlanetPoker by exploiting flaws in their shuffling algorithm. They were able to combine weaknesses in the actual algorithm with weaknesses in the random number generator with weaknesses in how the random number generator was used to essentially completely determine the cards everyone has in any deal just from the face up cards.

      It really drives home the point that security is much more difficult to do right than you might think.

  4. Well that puts it by sammyo · · Score: 3, Interesting

    out of the hands of most criminals.

    Erk, now where have all those SuperCriminals gone?

  5. Re:If all safes are crackable... by Desult · · Score: 2, Interesting

    Uh, OK.

    So 40^8 = 6553600000000.

    Let's say you'll hit the password halfway through the keyspace on average = 3276800000000.

    Let's be really generous, and say a single user can attempt 60 keys / sec. That's 5184000 keys per day.

    So, you'd get your password in about 632099 days... about 1700 years. Say you're attacking with 1000 people, that's only 1.7 years!

    Oh wait, no supposedly secure system is going to accept 60000 failed key attempts per second, for 1.7 years, before failing. Nice thought, though.

    --
    -Greg
  6. Time is the Key by Lucas+Membrane · · Score: 3, Interesting
    The locks on bank vaults can't be picked or cracked or defeated except by brute force, because they are time locks. The vaults themselves are not designed to be impenetrable, but rather simply to take an excessive amount of time to penetrate. A cheapo bank vault might be rated at only 45 minutes, better ones at several hours. Some manufacturers leave one spot weak where a safe can be penetrated more quickly than at other spots. That is "security by obscurity." If you don't know where that is, you've got a long night ahead of you. Perhaps some kinds of modern instruments can detect this spot, if it exists, from the outside.

    John Dillinger penetrated a bank vault and looted safe-deposit boxes within, but he did it by stealth, finding a closed-down bank, pretending to be an authorized workman, and taking a long time to extract the contents.

  7. Better Safe Cracking through Chemistry by Detritus · · Score: 5, Interesting
    The most interesting method I've read about involved drilling a small hole in the top of the safe, filling it with water, and detonating a small explosive charge inside the safe. The hydrostatic pressure burst the safe open without damaging the contents.

    When I was a kid, my friends and I put an ordinary paper firecracker inside a wooden box, about the size of a cigar box, and secured the lid. To our surprise, the box spontaneously disassembled itself into its component parts, which travelled outwards at high speed. All of that from a firecracker that would only cause minor burns if you held it in your fingers when it exploded.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:Better Safe Cracking through Chemistry by BJH · · Score: 2, Interesting

      Thermite. Just pile your iron filings and aluminium powder (remember, kids: 3 parts of iron to 1 part of aluminium) on top of the safe, drop a bit of burning magnesium on it, and stand back.

  8. Re:Tell you the truth I'm not happy about this. by Anonymous Coward · · Score: 1, Interesting
    I'm a locksmith, too- and, quite frankly, if people are unhappy- tough shit. At the worst, it means you get to sell the customer something with a GSA-approved X-09 digital lock instead of some toy mechanical lock that can be manipulated.

    Any locksmith who seriously thinks there's information that stays inside the industry *exclusively* is as naive as the customer who thinks their $15 Kwikset is just as good as a Medeco.

  9. Re:The shocking secret the industry wants covered by Anonymous Coward · · Score: 2, Interesting

    Here's a different true story (posted as AC to protect the, erm, me):

    The client I currently work at installed similar push-button combination locks on all doors from each floor's elevator hall, and spent a fair bit of money on it too.
    The combination was set to 7-2-5-3.
    Not being a big one for remembering this sort of thing, I idly tried entering 2-3-5-7 - and it opened!
    A few tests revealed that their vaunted locks would open with any arrangement of the required four digits - reducing the security from 1 in 10,000 combinations down to 1 in 400 or so.
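The keyspace collapse described in this comment can be measured exactly rather than estimated. The block below is an added illustration, not code from the post: it enumerates every 4-digit entry and counts how many the lock can actually distinguish under a given comparison rule. The rule names (`exact_sequence`, `any_order`, `any_order_no_repeats`) are assumptions for the example; the `any_order` rule models the 7-2-5-3 / 2-3-5-7 behaviour above.

```python
from itertools import product

# Constructed illustration, not code from the post: count how many codes a
# keypad lock can actually distinguish once we know how it compares the
# entered digits to the stored code.
DIGITS = range(10)


def effective_keyspace(code_length, canonicalize):
    """Number of distinct codes the lock can tell apart.

    `canonicalize` maps an entered digit sequence to whatever the lock really
    compares against its stored code; returning None means the lock rejects
    that sequence outright, so it is not a usable code at all."""
    seen = set()
    for seq in product(DIGITS, repeat=code_length):
        canon = canonicalize(seq)
        if canon is not None:
            seen.add(canon)
    return len(seen)


def exact_sequence(seq):
    """A correct lock: order matters, so 10**4 = 10000 distinct codes."""
    return tuple(seq)


def any_order(seq):
    """The flaw in the comment: digits may be entered in any order, with
    repeated digits allowed. Sorting makes 7-2-5-3 and 2-3-5-7 identical."""
    return tuple(sorted(seq))


def any_order_no_repeats(seq):
    """Push-button locks on which each button can be pressed only once:
    a code with a repeated digit cannot exist, so it is rejected (None)."""
    return frozenset(seq) if len(set(seq)) == len(seq) else None


def expected_guesses(code_length, canonicalize):
    """Average number of distinct attempts an exhaustive search needs,
    i.e. (N + 1) / 2 over the effective keyspace N; a risk metric of the
    kind the paper quoted in comment 3 asks information security to adopt."""
    return (effective_keyspace(code_length, canonicalize) + 1) / 2


if __name__ == "__main__":
    for name, rule in [("exact sequence", exact_sequence),
                       ("any order", any_order),
                       ("any order, no repeats", any_order_no_repeats)]:
        print(f"{name:24s} keyspace={effective_keyspace(4, rule):5d} "
              f"expected guesses={expected_guesses(4, rule):.0f}")
```

Under `any_order` the 10,000 nominal codes collapse to 715 multisets of four digits; if the lock additionally cannot accept a repeated button, only C(10,4) = 210 codes remain. The same enumeration works for any comparison rule a lock (or a password checker) applies, which is why it is worth writing the rule down as code and counting, instead of trusting the digit count printed on the box.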

  10. How bout the good ole eyes? by Anonymous Coward · · Score: 1, Interesting

    What happened to watching a person dial in the code, or planting a security camera? Or, in your "computer science analogy", using a keylogger. People will always be stupid, and sometimes you can even surreptitiously get the smart ones.

  11. It is actually interesting on how you "tap" a safe by Da+w00t · · Score: 3, Interesting

    My father who got sent to locksmithing training by the Department of Defense was describing how you drill into the door of a safe to open it if you've somehow lost the combination. Basically you get a piece of metal that is the size of the door from the manufacturer -- it has marks on it where to drill. You drill according to the directions, and then fiddle with the inner workings of the locking mechanism to move the tumblers where they should be in order to open the safe, and to change the combination.

    The bad part is that once you've done this, to make the safe secure again you put a steel ball bearing the size of the hole in the hole, and then weld it in there. There is absolutely no way you're going to be able to drill through that steel. Any drill bit you try to drill through it is just going to dance on it, and end up breaking the drill bit.

    So I guess in that case, safes that have been forcibly opened using the above method are safer than ones that haven't.

    --

    da w00t. mtfnpy?
  12. No Protection for the Clueless by scottd18 · · Score: 5, Interesting

    There was a burglar in Texas last year that was breaking into city hall buildings all over the state. In almost every one he managed to get access to the safe or safes kept in the building without prying or damaging the safes.

    When he finally got caught he was debriefed and gave up his MO. He would get in to the building by defeating a usually inadequate door lock with a screw driver. Then once inside he would look in all the desk drawers for sticky notes with numbers on them. In almost every one he would find a sticky note with the combination to the safe. This guy hit over 50 different city halls and got into the safe(s) in almost all of them.

    The best safes in the world won't keep people from being clueless about security.

    --
    Heck is a place for people that don't believe in gosh.
  13. Re:Why no mention of key-locked dials and bolt lev by Anonymous Coward · · Score: 1, Interesting

    I found this article to be quite disappointing. I don't know where he got that lock or how old it is, but it's likely at least a hundred years old. They just don't make combination locks like that that would be so easily manipulated. Even a cheap $2 Master pad-lock, as he briefly mentioned in two sentences on page 31, has false gates on the wheels, basically defeating all the simplistic techniques mentioned in the article. Although he states that these false gates are easily identified, trust me, they are not. And drilling into a safe holds no appeal in my opinion, since any competent safe would have appropriate countermeasures. Furthermore, it's just too destructive for my tastes.

    I did however enjoy the ever so brief discussion of safecracking terminology. The article would have been a much more productive use of time, mine and his, and would have also been more entertaining had he discussed the terminology in depth (just read page 4).

  14. Re:Book recommendation: The Great Train Robbery by Animats · · Score: 4, Interesting
    Unfortunately, Bramah's "unpickable" lock was simply a round pin-tumbler lock. Like the ones Kryptonite used. Better design, though. The clever feature of the Bramah lock is that there's only one return spring for all the pins. So picking is really slow. Every time you get the setting wrong, you have to release all the pins and start over.

    Picking a Bramah lock is quite possible, but requires some specialized tools.

  15. Re:Book recommendation: The Great Train Robbery by Dun+Malg · · Score: 2, Interesting
    Unfortunately, Bramah's "unpickable" lock was simply a round pin-tumbler lock. Like the ones Kryptonite used. Better design, though. The clever feature of the Bramah lock is that there's only one return spring for all the pins. So picking is really slow. Every time you get the setting wrong, you have to release all the pins and start over. Picking a Bramah lock is quite possible, but requires some specialized tools.

    I "picked" a small Bramah lock on a liquor caddy once. My boss was repairing the customer's front door lock and (as a joke) told me to see if I could open it after the owner told us she had no key. I managed to tension the lock and eyeball the depth of a couple gates and cut a makeshift key from a bit and barrel key with the bit shaved off. By sheer luck I had made a perfect working key in about 20 minutes. When I brought the open lock with key to my boss he looked surprised and told me they weren't supposed to be pickable, I (who'd never seen a Bramah lock before) said "It's a good thing I didn't know that then, eh?"

    --
    If a job's not worth doing, it's not worth doing right.
  16. Safe cracking/ Lock picking by Rank_Tyro · · Score: 5, Interesting

    For $35USD, and a glance at my driver's licence, I was able to purchase a lock-pick set. I was intrigued, after seeing hundreds of movies showing thieves and spies opening doors faster than people with keys.
    After a lot of research, and practice, I was able to open several brands of pad-locks, as well as the doors to my house. Guess what? It's not as easy as it looks.
    I did this mainly out of curiosity, but I recently had a chance to put this new skill to the test.
    My neighbor had locked her keys in her house, and asked for my help. After thinking about it for 15 seconds, I agreed to help.
    I broke a pane in the window of her back door. There was no way I was going to let her know that I was capable of defeating the locks on her house. I have no interest in breaking and entering, but the fact is, if people know you can do it, and something goes missing, guess who the first suspect is going to be?
    I would love to figure out how to open a safe, not because I want to rob anyone.....it's just really cool, and the fun is in learning how to do something most people can't.

    --
    Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
    1. Re:Safe cracking/ Lock picking by YoungHack · · Score: 2, Interesting

      I once taught my Numerical Analysis class how to make a simple rake and tension wrench and use them. It was just a few pictures on the chalk board in between classes.

      About a week later, one of my students came to class very excited. He had made the tools and tried them--no success.

      Then he locked his keys in his house. His tools were sitting on the seat of his unlocked car. So he tried again. I believe he said it took him about 40 minutes to get in. Not bad for a beginner.

  17. Re:The shocking secret the industry wants covered by dwillden · · Score: 2, Interesting
    I wonder about that story since most GSA approved security containers tend to use one of two major lock mechanisms (one is very easy to change the other moderately easy) and they both have factory zeros of 50-25-50. That was the case with the analog mechanisms. And now that I think about it, all the new digital ones have the same zero as well.

    Now I could see lazy users setting the combos to something easy to remember like 60-30-60 or such, but they don't come from the factory with either of the two settings you mentioned.

    --
    I'm too lazy to compose a creative sig.
  18. Companion piece by Richard+W.M.+Jones · · Score: 3, Interesting
    Excellent companion piece, written in a very entertaining style:

    http://www.timhunkin.com/94_illegal_engineering.htm

    Rich.

  19. Re: Multiple levels of encryption weaker? by some+guy+I+know · · Score: 2, Interesting
    As for simply layering the same protocol, consider this (silly example): Exchanging each letter with the letter n positions further along the alphabet does not get more secure by being done multiple times.
    That's true, but:
    1. Adding layers doesn't make it any less secure,
    2. Adding bits to a single key in the letter-shifting method by itself doesn't make it any more secure, and
    3. Stacking that encryption method and a second method, each with a key size of n/2, will probably be more secure than using the letter-shifting method alone with a key size of n.
    Your example caused me to think of a simplistic case where a combination of methods, each with a key size of n/number-of-methods, may be less secure than a single method with a key size of n: your letter-shifting method combined with a simple XOR method. In this case, it may be true that the combination is less secure than the XOR method by itself with twice the key size.
    This is due to the fact that the letter-shifting encryption method does not benefit at all from a larger key size, and thus taking bits from the method that does benefit from a larger key size to give it to a method that does not, will of course cause the security of the system as a whole to decrease.
    It is still more secure, though, than the letter-shifting method taken by itself.

    Now, let's assume that the flaw in the letter-shifting method wasn't discovered until after it had been used for a few years.
    We now have three types of encryption systems (relevant to this example):
    • The system that used letter-shifting by itself, with key size n.
    • The system that used XOR by itself, with key size n.
    • The system that used the letter-shifting method in combination with the XOR method, each with key size n/2.
    After the flaw in the letter-shifting method is discovered, the people who used letter-shifting by itself are totally screwed, those who used XOR by itself are unaffected, and those who used the combination are partially-screwed.
    I'd rather be partially-screwed than totally screwed.
    The thing is, it's not possible to tell in advance whether or not a single encryption method is flawed.
    (If it were possible, such a method wouldn't have been used in the first place.)
    Using a combination of different methods is a way of avoiding putting all of one's eggs in one basket.

    Can anyone state a case where a combination of encryption methods, where each has a different key of size n/number-of-methods, is demonstrably less secure than each and every one of the methods used by itself with key size n?
    I don't see how a chain of methods could be any weaker than its weakest link, even when the weakest link, used by itself, would have a larger key size.
    --
    Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
  20. Re: Multiple levels of encryption weaker? by EsbenMoseHansen · · Score: 3, Interesting

    Well, I'll try to explain why people think what you are proposing is suboptimal.

    Firstly, I think you have misunderstood what "adding extra bits" (enlarging the key) means --- at least in this context. In my (silly) example, the key had the length of 1 (number). Notice there are no bits, since the atomic unit in this encryption unit is letters. If you increase the number of bits we would have more numbers. E.g., (1,2) would make "have" into "icwg", which would be harder to break. The scheme is actually not THAT bad --- there are methods to break this sort of encryption, but it isn't trivial. A person that has not studied cryptography would be pressed to break something like this, at least if the key length is unknown.

    If you take this method to an extreme with keys longer than the text, you would have a fair encryption method, provided that the keys are kept secret. But nevermind that.

    Now, to invent another cryptographic method, let's consider a method where the positions in the alphabet are multiplied rather than added, and the modulo of 26 is taken. So for the example key (1,2) and the word "have" the result would be "hbvj".

    How secure are these methods combined? Well, if the coded and original letters have position x and y, respectively, and we are using keys k,l with values k_1, k_2, ..., k_n and l_1, l_2, ..., l_m, where n and m are some integral numbers. Then the effort spent on encrypting the message is O(n+m). The effort spent decrypting then will only be proportional to the smallest common multiple of n and m --- it's an easy proof, so I leave it as an exercise. However, for the same effort you could have obtained an effort proportional to the multiplum... and the encryption and decryption routines would be simpler, and thus less error-prone. That's one argument against layering encryption algorithms.

    Now, either of these algorithms may be weak --- indeed, the multiplum algorithm is for a number of reasons, most importantly the distribution of the resulting letters is not uniform. Note that if the addition is performed first, no harm is done by this, but if the multiplication is performed second, the distribution would be skewed in such a way that the addition key could be guessed from the distribution of the letters of the encoded message. This would render the combined algorithm weaker than the addition alone. This is the "real world" example you asked for... and admit it, it is not that far-fetched for a slashdot comment ;-)

    Disclaimer: I'm not really a crypto guy, just an IT specialist + mathematician.

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
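The two toy ciphers argued over in comments 19 and 20 are small enough to run, which makes the points about layering concrete: the per-position substitution of the layered cipher repeats with period lcm(n, m), and a multiplicative step whose key is not coprime to 26 loses information, so the ciphertext alphabet shrinks and the output distribution is skewed. The block below is an added example, not code from either commenter or from the paper; it follows comment 20's conventions (letters numbered a=1 .. z=26, keys reused cyclically, multiplication reduced mod 26) and every function name in it is an assumption of this example.

```python
from math import gcd

# Toy ciphers from the thread, as an added illustration (not the commenters'
# code): letters are numbered a=1 .. z=26 and short keys are reused cyclically.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def to_num(c):
    """a -> 1, ..., z -> 26 (the 1-based numbering used in the comment)."""
    return ALPHABET.index(c) + 1


def to_letter(n):
    """Inverse of to_num, reduced mod 26 so that 26 and 52 both map to z."""
    return ALPHABET[(n - 1) % 26]


def additive(text, key):
    """Shift position i by key[i mod len(key)]. Key (1,2): 'have' -> 'icwg'."""
    return "".join(to_letter(to_num(c) + key[i % len(key)])
                   for i, c in enumerate(text))


def additive_decrypt(text, key):
    """Undo additive(): subtraction is always invertible mod 26."""
    return "".join(to_letter(to_num(c) - key[i % len(key)])
                   for i, c in enumerate(text))


def multiplicative(text, key):
    """Multiply position i's number by key[i mod len(key)], mod 26.
    Key (1,2): 'have' -> 'hbvj'."""
    return "".join(to_letter(to_num(c) * key[i % len(key)])
                   for i, c in enumerate(text))


def layered(text, add_key, mul_key):
    """Addition first, then multiplication, as discussed in the reply."""
    return multiplicative(additive(text, add_key), mul_key)


def substitution_at(i, add_key, mul_key):
    """The full 26-letter substitution the layered cipher applies at position i."""
    k = add_key[i % len(add_key)]
    m = mul_key[i % len(mul_key)]
    return tuple(to_letter((to_num(c) + k) * m) for c in ALPHABET)


def effective_period(add_key, mul_key):
    """Smallest p > 0 such that position i and position i + p always apply the
    same substitution. For keys with no internal repetition this is lcm(n, m),
    the 'smallest common multiple' the reply refers to; two keys of lengths n
    and m therefore give no more than lcm(n, m) distinct alphabets, not n * m."""
    n, m = len(add_key), len(mul_key)
    lcm = n * m // gcd(n, m)
    subs = [substitution_at(i, add_key, mul_key) for i in range(2 * lcm)]
    for p in range(1, lcm + 1):
        if all(subs[i] == subs[i + p] for i in range(lcm)):
            return p
    return lcm


def output_alphabet(mul_key):
    """Letters that can appear after the multiplicative step. Fewer than 26
    means the step is not injective: two plaintext letters collide, decryption
    is ambiguous, and the ciphertext letter distribution is visibly skewed."""
    return sorted({to_letter(to_num(c) * k) for c in ALPHABET for k in mul_key})


def multiplicative_is_invertible(mul_key):
    """A multiplier can be undone mod 26 only if it is coprime to 26."""
    return all(gcd(k, 26) == 1 for k in mul_key)


if __name__ == "__main__":
    print(additive("have", (1, 2)), multiplicative("have", (1, 2)))
    print("period of (1,2,3) + (1,3):", effective_period((1, 2, 3), (1, 3)))
    print("ciphertext letters reachable with multiplier 2:",
          "".join(output_alphabet((2,))))
```

With multiplier 2, `output_alphabet` returns only the 13 letters b, d, ..., z, so the key (1,2) from comment 20 already makes `multiplicative` non-invertible at every second position ('a' and 'n' both encrypt to 'b'); that collision is the skew the reply describes, and it is present whether or not an additive layer runs first. The `effective_period` check is the other half of the argument: layering keys of lengths 3 and 2 buys six distinct alphabets, which is what a single additive key of length 6 would give for less machinery.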
  21. Richard Feynman - original geek safecracker by John+Jorsett · · Score: 4, Interesting

    In physicist Richard Feynman's book, "Surely You're Joking, Mr. Feynman," he talks about working on the Manhattan Project in New Mexico. He discovered he could figure out the combination to the safes they were using just by touch. So he went around to various offices and would kind of lean on the safe while chatting with the inhabitant. He'd twiddle the dial as though he were just playing around with it during the conversation, but he was really determining the combination. Eventually, he went to the security people and showed them how easy it was to crack these things, and showed how he had the combinations to many safes. Instead of improving the safes, the response of the security people was to make the occupant of every office Feynman had ever been in change the safe combination. The inhabitants were none too happy, and to avoid a repeat of the episode banned Feynman from entering their offices thenceforth. The safes were left as vulnerable as before.