Safecracking for the Computer Scientist

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

Re:The shocking secret the industry wants covered

[EvanED]

Surely You're Joking Mr. Feynmann has a chapter called "Safecracker Meets Safecracker." It describes his time at Los Alamos during which he repeatedly opened people's safes. (The ease with which he did this actually quite disturbing.) Anyway, at the end of the chapter, he talks about how he learned that a particular lock came factory set at either 0-30-0 or 60-30-60 (I think those were the two), following which the owner would change it to something more secure.

He said he went around Los Alamos after he learned this trying those two combinations and opened about 1/3 of the locks with one or the other.

Best home safe is a home vault

[swb]

Pick a corner area of your basement. Build a concrete block room, filling the block voids with concrete and rebar. Put a roof on the block room made out of steel plate, anchored to the block walls, and add another 4" of concrete and rebar on top of this.

For the entrance, use two doors. The inside door should be a vault door (better gun safe door hung on a frame with inside release). Outside door should be steel fire/security door with steel frame and heavy locks. Outside door is just to be time consuming to get to the inside door.

This wouldn't be all that expensive, either, considering a high-end gun safe alone is $5k pretty easily.

Re:Best home safe is a home vault

[big+tex]

If you are going to all of that trouble, why use block masonry?

To make a good strong wall, you should have reinforcement in both directions. Standard blocks don't have the notches for horizontal rebars, leaving you only with vertical reinforcement.

Even more, CMU's aren't really high-strength concrete. The problem is impact resistance, jackhammers and the like.

Best bet:
Concrete wall, 6"-12" thick. When you pour it, use a piece of steel plate for the inside form.
Now we're talking painful demolition.

Re:Best home safe is a home vault

[ckedge]

.
When the family grocery store burned down the only thing left was the safe, which is where the lottery tickets and other such important/like-money-but-not-money type things were kept overnight. Of course having been in the middle of an inferno for 6 straight hours left it such that it couldn't be opened using the combination or door.

My Uncle called the safe company, and they faxed him some instructions and told him to take it to the local autobody shop. At which point we learned why safes of that size are so damn heavy. Outer and inner boxes of thick steel, with the inner space filled with concrete!! (It's hard to get through and it insulates against fire..)

A couple hours of careful torching and hammering latter and only one corner of one document came out singed - everything else was fine.

Better Safe Cracking through Chemistry

[Detritus]

The most interesting method I've read about involved drilling a small hole in the top of the safe, filling it with water, and detonating a small explosive charge inside the safe. The hydrostatic pressure burst the safe open without damaging the contents.

When I was a kid, my friends and I put an ordinary paper firecracker inside a wooden box, about the size of a cigar box, and secured the lid. To our surprise, the box spontaneously disassembled itself into its component parts, which travelled outwards at high speed. All of that from a firecracker that would only cause minor burns if you held it in your fingers when it exploded.

No Protection for the Clueless

[scottd18]

There was a burglar in Texas last year that was breaking into city hall buildings all over the state. In almost every one he managed to get access to the safe or safes kept in the building without prying or damaging the safes.

When he finally got caught be debriefed and gave up his MO. He would get in to the building be defeating a usually inadequate door lock with a screw driver. Then once inside he would look in all the desk drawers for sticky notes with numbers on them. In almost every one he would find a sticky note with the combination to the safe. This guy hit over 50 different city halls and got into the safe(s) in almost all of them.

The best safes in the world won't keep people from being clueless about security.

Re:Book recommendation: The Great Train Robbery

[Animats]

Unfortunately, Bramah's "unpickable" lock was simply a round pin-tumbler lock. Like the ones Kryptonite used. Better design, though. The clever feature of the Bramah lock is that there's only one return spring for all the pins. So picking is really slow. Every time you get the setting wrong, you have to release all the pins and start over.

Picking a Bramah lock is quite possible, but requires some specialized tools.

Safe cracking/ Lock picking

[Rank_Tyro]

For $35USD, and a glance at my driver's licence, I was able to purchase a lock-pick set. I was intrigued, after seeing hundreds of movies showing theives and spies opening doors faster than people with keys.
After alot of research, and pracitice, I was able to open several brands of pad-locks, as well as the doors' to my house. Guess What? It's not as easy as it looks.
I did this mainly out of curiosity, but I recently had a chance to put this new skill to the test.
My neighbor had locked her keys in her house, and asked for my help. After thinking about it for 15 seconds, agreed to help.
I broke a pane in the window of her back door. There was no way I was going to let her know that I was capable of defeating the locks on her house. I have no intrest in breaking and entering, but the fact is, if people know you can do it, and something goes missing, guess who the first suspect is going to be?
I would love to figure out how to open a safe, not because I want to rob anyone.....it's just really cool, and the fun is in learning how to do something most people can't.

Richard Feynman - original geek safecracker

[John+Jorsett]

In physicist Richard Feynman's book, "Surely You're Joking, Mr. Feynman," he talks about working on the Manhattan Project in New Mexico. He discovered he could figure out the combination to the safes they were using just by touch. So he went around to various offices and would kind of lean on the safe while chatting with the inhabitant. He'd twiddle the dial as though he were just playing around with it during the conversation, but he was really determining the combination. Eventually, he went to the security people and showed them how easy it was to crack these things, and showed how he had the combinations to many safes. Instead of improving the safes, the response of the security people was to make the occupant of every office Feynman had ever been in change the safe combination. The inhabitants were none too happy, and to avoid a repeat of the episode banned Feynman from entering their offices thenceforth. The safes were left as vulnerable as before.