Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safecracking for the Computer Scientist

Posted by michael on from the alternate-lines-of-work dept.

secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master keyed locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do. Warning: it's a 2.5 meg pdf file with lots of pretty pictures."

34 of 322 comments (clear)

  1. Well so much for the PDF... by yuriismaster · · Score: 4, Informative

    Cmon, you expected a 2.5 mb file to last...

    Here's Google's HTML-ification of the pdf (sans said 'pretty pictures')

  2. Mirror of pdf by sometwo · · Score: 4, Informative

    http://mirrordot.org/stories/a98b5b5fc2096a7b567c4 b2e77ca0f1f/safelocks.pdf

  3. Mirror by hardlined · · Score: 5, Informative

    http://shell.athenet.net/~files/safelocks.pdf

  4. The shocking secret the industry wants covered up by Anonymous Coward · · Score: 5, Funny

    All safes open using a maintenance combination of 12345.

  5. Re:spoof? by sfjoe · · Score: 4, Funny

    Did anyone else read the headline and think this was some horrible spoof on "Queer Eye for the Straight Guy"?

    Well, now that you mention it ... no.

    --
    It's simple: I demand prosecution for torture.
  6. A point well made by gateman9 · · Score: 5, Insightful

    I think his comparison is on to something here.

    A good safe is designed in layers, so that to get in, you have to break through each layer. And the more layers, the more time it takes. Safe-makers know no safe is completely secure, and all safes are crackable.

    Time is the enemy of anyone looking to commit theft/robbery, whether that person is working physically or digitally. So the longer it takes the more secure the system it is.

    While we defeinitely know security by obfuscation is stupid in terms of computer security, safety by layers makes sense.

    If there were several layers of encryption (asymmetrical and symmetrical), compromising the system takes more time, and if one layer fails, the game isn't over just yet.

    Admittedly secure traffic would be much slower than unsecured traffic, the benefits of this kind of layered approach would be more than worth it for data that needs to be as secure is possible.

    --
    You can't defeat physics.
  7. Re:Unable to determine IP address by NanoGator · · Score: 4, Funny

    " Unable to determine IP address from host name for www.crypto.com

    Wow, that's pretty darned secure!

    --
    "Derp de derp."
  8. Re:The shocking secret the industry wants covered by KillerDeathRobot · · Score: 5, Funny

    That sounds like the combination some idiot would have on his luggage.

    --
    Thinkin' Lincoln - a web comic of presidential proportions
  9. Re:cse professor by big+tex · · Score: 5, Funny

    To top it off, his mastery of punctuation and the Shift Key is far better than yours.

    --
    I think I need a new sig here.
  10. general coding v. coding for security: assumptions by G4from128k · · Score: 5, Insightful

    The challenge for IT security is that computer science loves to use abstractions, encapsulation, APIs, libraries and what not that let the programmer ignore the details of the internal complexity of systems. The problem is that it leads one to assume that these systems behave in some idealized fashion (the logical, black-box model of the system). In reality, the systems don't always follow the assumed logical model or the ignored internals create side-effects that are unforeseen by the original programmer, but exploited by malicious actors.

    For example, assumptions about metadata and syntax give rise to buffer overflow or malformed string exploits. In trusting that an input string will be its stated length or follow the official syntax, the programmer adheres to the logical model of the system but creates a vulnerability. Similarly, physical power consumption artifacts can let a cracker guess the state or internal activities of a smartcard encryption chip. The original programmer is unaware that the code creates these artifacts since most coding paradigms ignore issues such as the exact execution time of subroutines, power consumption of CPU instructions, etc.

    Becoming security conscious means unlearning all the tricks that let a programmer ignore the complexity inside a system. It means understanding the real behavior of all the internals, all the side-effects, and all the system properties that might be observable or influenceable by a malicious party. That makes programming for security very different and very much harder that standard programming.

    To mangle a metaphor, security means that one must peel the onion to ensure that it does not have contain an open door in its core.

    --
    Two wrongs don't make a right, but three lefts do.
  11. Re:The shocking secret the industry wants covered by R2.0 · · Score: 5, Funny

    True story.

    I needed access to secured room of a building my company was renovating. It had a pushbutton type combination lock on it (or some such). I asked the combination, and the maintenance superintendent said "1-2-3-4-5". I immediately blurted out "1-2-3-4-5? That sounds like the combination some idiot would put on his luggage." Straight Pavlovian response to a Mel Brooks straight line.

    It was only after a 5 seconds of being stared at that I realized that the Superintendent had intentionally set that combination, and he was NOT a "Spaceballs" fan.

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  12. Hacker vs cracker by AtariAmarok · · Score: 4, Funny

    This one throws a monkey-wrench in the works of the old "hacker vs cracker" argument. If someone is a redneck safe-cracking computer scientist from Georgia, what category do they fall into? Hmmm?

    --
    Don't blame Durga. I voted for Centauri.
  13. Similar by irefay · · Score: 5, Insightful

    Similarly, you can have as many security layers as you wish but if you forget to weld the back end of the safe or network on than they still do nothing for security... your only as secure as your weakest point of security.

  14. A Companion Piece... by stankulp · · Score: 5, Informative
    --

    ...The MIT Guide to Lock Picking

    Don't leave home without it.

    --
    We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
  15. Re:The shocking secret the industry wants covered by EvanED · · Score: 4, Interesting

    Surely You're Joking Mr. Feynmann has a chapter called "Safecracker Meets Safecracker." It describes his time at Los Alamos during which he repeatedly opened people's safes. (The ease with which he did this actually quite disturbing.) Anyway, at the end of the chapter, he talks about how he learned that a particular lock came factory set at either 0-30-0 or 60-30-60 (I think those were the two), following which the owner would change it to something more secure.

    He said he went around Los Alamos after he learned this trying those two combinations and opened about 1/3 of the locks with one or the other.

  16. Re:Considering the audience... by MrLint · · Score: 5, Funny

    ...is posting safe-cracking techniques on /. responsible behaviour?

    Well i dont think we have much to worry about here. As most /. readers wouldnt be able to get past teh 1st level of physical security around any safe. Namely the door at the top of the stairs to their parent's basement ;)

  17. Best home safe is a home vault by swb · · Score: 4, Interesting

    Pick a corner area of your basement. Build a concrete block room, filling the block voids with concrete and rebar. Put a roof on the block room made out of steel plate, anchored to the block walls, and add another 4" of concrete and rebar on top of this.

    For the entrance, use two doors. The inside door should be a vault door (better gun safe door hung on a frame with inside release). Outside door should be steel fire/security door with steel frame and heavy locks. Outside door is just to be time consuming to get to the inside door.

    This wouldn't be all that expensive, either, considering a high-end gun safe alone is $5k pretty easily.

    1. Re:Best home safe is a home vault by big+tex · · Score: 4, Interesting

      If you are going to all of that trouble, why use block masonry?

      To make a good strong wall, you should have reinforcement in both directions. Standard blocks don't have the notches for horizontal rebars, leaving you only with vertical reinforcement.

      Even more, CMU's aren't really high-strength concrete. The problem is impact resistance, jackhammers and the like.

      Best bet:
      Concrete wall, 6"-12" thick. When you pour it, use a piece of steel plate for the inside form.
      Now we're talking painful demolition.

      --
      I think I need a new sig here.
    2. Re:Best home safe is a home vault by ckedge · · Score: 4, Interesting

      .
      When the family grocery store burned down the only thing left was the safe, which is where the lottery tickets and other such important/like-money-but-not-money type things were kept overnight. Of course having been in the middle of an inferno for 6 straight hours left it such that it couldn't be opened using the combination or door.

      My Uncle called the safe company, and they faxed him some instructions and told him to take it to the local autobody shop. At which point we learned why safes of that size are so damn heavy. Outer and inner boxes of thick steel, with the inner space filled with concrete!! (It's hard to get through and it insulates against fire..)

      A couple hours of careful torching and hammering latter and only one corner of one document came out singed - everything else was fine.

  18. Better Safe Cracking through Chemistry by Detritus · · Score: 5, Interesting
    The most interesting method I've read about involved drilling a small hole in the top of the safe, filling it with water, and detonating a small explosive charge inside the safe. The hydrostatic pressure burst the safe open without damaging the contents.

    When I was a kid, my friends and I put an ordinary paper firecracker inside a wooden box, about the size of a cigar box, and secured the lid. To our surprise, the box spontaneously disassembled itself into its component parts, which travelled outwards at high speed. All of that from a firecracker that would only cause minor burns if you held it in your fingers when it exploded.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:Better Safe Cracking through Chemistry by iggymanz · · Score: 4, Informative

      uh-huh, ever try to drill a *small* hole into armor plate with man-portable power tools? Please try that sometime, I would reccomend warming up by attempting said feat on an iron beam used to make the average american skyscraper. I actually tried that in my apartment in Chicago to mount something in the window; once through the drywall my eighth-inch titanium nitride bit powered by third horsepower motor did nothing more than polish the steel. embarrasing. Anyway, to put in water and explosive you'll need what, a one-inch hole? Maybe an oxygen lance would be better.

    2. Re:Better Safe Cracking through Chemistry by deanpole · · Score: 4, Informative

      The verb is to "tamp". It makes an explosion more effective by physically constraining it. For example a stick of dynamite if left on a road will create a pothole a foot or two deep. Whereas several sandbags placed on top will create a crater multiple feet deep. The improvement results from directing the explosive force, but also by helping the explosive fully combust. In fact the need to tamp is the difference between a "high" and "low" explosive. The later being able to burn under the right conditions.

  19. Re:The shocking secret the industry wants covered by morcheeba · · Score: 4, Informative

    If 00000000 is an acceptable nuclear missle secret launch code, then 12345 has got to be NSA-level security!

    --
    HIV Crosses Species Barrier... into Muppets
  20. Re:Massive Keyspace? by charyou-tree · · Score: 4, Insightful
    I can't count how many times I have read "...will take longer than the age of the Universe itself to brute force this /insert encryption scheme of choice here/..." when reading about some new fangled encryption scheme. Naturally, that claim is based on computational power at the time, but doesn't this exactly dispute his claim?
    No. Physics gets involved ... From Schneier's Applied Cryptography page 157:

    One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than k T, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

    Given that k = 1.38*10^-16 erg/deg Kelvin, and that the ambient temperature of the universe is 3.2 deg Kelvin, an ideal computer running at 3.2 deg Kelvin would consume 4.4*10^-16 ergs every time it set or cleared a bit. To run a computer colder thant the cosmic background radiation would require extra energy to run a heat pump.

    Now the annual energy output of our sun is about 1.21*10^41 ergs. This is enough to power about 2.7*10^56 single bit changes in our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this computer.

    But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

    These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
    IOW, you can't brute-force a 256-bit key.
  21. Re:not that obscure by Arctic+Fox · · Score: 5, Funny

    Ever read /. at -1?
    You'll discover that you are incorrect, Sir.

  22. No Protection for the Clueless by scottd18 · · Score: 5, Interesting

    There was a burglar in Texas last year that was breaking into city hall buildings all over the state. In almost every one he managed to get access to the safe or safes kept in the building without prying or damaging the safes.

    When he finally got caught be debriefed and gave up his MO. He would get in to the building be defeating a usually inadequate door lock with a screw driver. Then once inside he would look in all the desk drawers for sticky notes with numbers on them. In almost every one he would find a sticky note with the combination to the safe. This guy hit over 50 different city halls and got into the safe(s) in almost all of them.

    The best safes in the world won't keep people from being clueless about security.

    --
    Heck is a place for people that don't believe in gosh.
  23. No Big Secret by Dun+Malg · · Score: 4, Informative
    The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn't know about (there's a lot of security-by-obscurity there).

    A good locksmith specializing in safes doesn't care if you know how safes are opened-- on the contrary, they'll tell you all about it. The job of a competent physical security professional is give the client a straight and honest description of how the product works and what its weaknesses are, and safes are no exception. I've worked for a locksmith for the last ten years and it's company policy to show clients exactly what they're getting and/or what they already have. With safe openings, my boss explains exactly what he's doing and how it all works. Admittedly, there are a lot of locksmiths who think this should all be top secret stuff, but they're just fooling themselves. All the info is out there. There's no official schooling for locksmiths, and no coherent regulation of the profession. Subsequently, there's no way to really keep the information out of the hands of "criminals" while still allowing access for beginners trying to start out in the profession. You can join the Associated Locksmiths of America essentially by just saying you're a locksmith, although you'll be approved for membership quicker if you have the recommendation of an existing ALOA member. Once you have an ALOA membership number, you're a locksmith as far as the "keepers of the knowledge" are concerned. Heck, you don't have to have anything but fifty bucks and a mailing address to subscribe to The Locksmith Ledger, and they frequently have articles on opening various safes.

    Really, none of the techniques outlined by Mr. Blaze in the PDF are any big secret. Anyone with access to such a lock mechanism (buy a safe and you've got one) and a little brainpower can figure all that stuff out. The thing is, drilling a safe requires fairly specialized tools and is very noisy. Manipulating a safe requires a lot of practice, and even an expert can take a LONG TIME to get into a safe. There's no astounding revelations there. Walk into my boss' locksmith shop and he'd show you all that. I've tried my hand at both drill penetration and manipulation, and there are no "secrets" that make any of that stuff easy. At best, the knowledge it just makes it possible-- and that knowledge is available through simple observation.

    --
    If a job's not worth doing, it's not worth doing right.
  24. Re:Book recommendation: The Great Train Robbery by Animats · · Score: 4, Interesting
    Unfortunately, Bramah's "unpickable" lock was simply a round pin-tumbler lock. Like the ones Kryptonite used. Better design, though. The clever feature of the Bramah lock is that there's only one return spring for all the pins. So picking is really slow. Every time you get the setting wrong, you have to release all the pins and start over.

    Picking a Bramah lock is quite possible, but requires some specialized tools.

  25. New PIN posted *on* the door by xixax · · Score: 4, Funny

    I walked past the gym we have in the basement of our building. When too maany (non entitled) people started using it, they changed the PIN on the door. I know this because some Brainiac posted a apologetic notice on the door that helpfully included the *new* PIN for regular gym patrons.

    Unfortunately it was taken down before I could take a picture of it.

    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
  26. Safe cracking/ Lock picking by Rank_Tyro · · Score: 5, Interesting

    For $35USD, and a glance at my driver's licence, I was able to purchase a lock-pick set. I was intrigued, after seeing hundreds of movies showing theives and spies opening doors faster than people with keys.
    After alot of research, and pracitice, I was able to open several brands of pad-locks, as well as the doors' to my house. Guess What? It's not as easy as it looks.
    I did this mainly out of curiosity, but I recently had a chance to put this new skill to the test.
    My neighbor had locked her keys in her house, and asked for my help. After thinking about it for 15 seconds, agreed to help.
    I broke a pane in the window of her back door. There was no way I was going to let her know that I was capable of defeating the locks on her house. I have no intrest in breaking and entering, but the fact is, if people know you can do it, and something goes missing, guess who the first suspect is going to be?
    I would love to figure out how to open a safe, not because I want to rob anyone.....it's just really cool, and the fun is in learning how to do something most people can't.

    --
    Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
  27. Re:The perfect safe by Dun+Malg · · Score: 4, Informative
    The perfect safe is a computer controlled one. You can't crack a PIC controlling a solenoid-lock that is deep within the safe. And as long as there is a limit on combinations attempted per second, some sort of automatic combination guessing device is impractical, too.

    They make those, but my boss refuses to install them anymore, even if the customer wants it. We've seen too many cases of fritzed electronics, dead batteries, and broken wires with those things. I have only once seen a regular mechanical combo lock fail spectacularly, requiring drilling to open the safe, and in that case the lock "worked badly" for WEEKS beforehand (but the customer, of course, waited till it broke). Electronic locks tend to have binary failures: the work fine up until the point where they don't work at all.

    --
    If a job's not worth doing, it's not worth doing right.
  28. Re:The shocking secret the industry wants covered by HeghmoH · · Score: 4, Informative

    I believe the original poster simply misremembered the combinations mentioned in the book. My memory may have been corrupted by seeing your post, but I'm pretty sure the combinations in this story were 50-25-50 and 25-50-25.

    Oh wow, I love Amazon. Find Surely You're Joking, Mr. Feynman! on Amazon and use the search function to look for "Safecracker meets Safecracker". Click on the last link on the first page, and you can find the exact text. The combinations in the book are actually 25-0-25 and 50-25-50. It also turns out that it only opened 1/5th of the safes, not 1/3rd. That book search rules!

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  29. Re:The shocking secret the industry wants covered by Randy+Wang · · Score: 4, Funny

    Bah. A real genius would set his combination to the LAST few digits of the Fibbonaci sequence ;-)

    --
    --- Egads, I glow in the dark!
  30. Richard Feynman - original geek safecracker by John+Jorsett · · Score: 4, Interesting

    In physicist Richard Feynman's book, "Surely You're Joking, Mr. Feynman," he talks about working on the Manhattan Project in New Mexico. He discovered he could figure out the combination to the safes they were using just by touch. So he went around to various offices and would kind of lean on the safe while chatting with the inhabitant. He'd twiddle the dial as though he were just playing around with it during the conversation, but he was really determining the combination. Eventually, he went to the security people and showed them how easy it was to crack these things, and showed how he had the combinations to many safes. Instead of improving the safes, the response of the security people was to make the occupant of every office Feynman had ever been in change the safe combination. The inhabitants were none too happy, and to avoid a repeat of the episode banned Feynman from entering their offices thenceforth. The safes were left as vulnerable as before.