Slashdot Mirror
MIT Students Release Code To 3D-Print High Security Keys
Sparrowvsrevolution writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage's attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads 'do not duplicate' printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5."
Really? That makes them difficult to duplicate? On which planet?
I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.
How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?
I do not fail; I succeed at finding out what does not work.
Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.
Technoli
I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.
Wacky Fun!. That paper appears to deal with a less sophisticated key; but demonstrated successful attacks at 195 feet, with comparatively cheap apparatus.
Locks don't make secure doors, doors do. If you wish to enter, the type of lock on the door is not going to deter you. Electronic locks are not more or less secure, it is just a different set of crooks that are able to get through them without leaving traces.
... whatever
Former locksmith here. The Primus (and nearly all of the other high security keys) are simply relying on patent protection to keep people from duplicating the keys. Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass (worst case) or just onto a normal key blank.
If you want to see something that would impress me, look at a German company - DOM - that has a design that includes a floating ball bearing in the key, which is integral to making the lock work. If they could make THAT with a printer, I'd be impressed.
One model:
http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.html
For us carnivores, "Sucking the marrow out of life" isn't a transcendentalist philosophy but a practical instruction.
what the lock companies do is they patent the blanks.
that's why lock companies come up with a new scheme every so often. and to buy those blanks you need to sign a contract that you wont copy without permission of the lock owner.. which is hard to check anyways.
world was created 5 seconds before this post as it is.
Not true. I used to work security in a building that had a lot of electronic locks. And ultimately, you can't enter them without leaving a trace. Sure, they might not know who it is that entered at 2:26 AM, but we would know that somebody entered at that time. Whereas with regular keys, we would at most know that somebody went to that floor around that time, but we'd have no clue as to which door they went into.
In other words, we could probably get video footage of the person that went into the door secured by an electronic lock, or at least narrow it down substantially, but would have no way of doing that with a traditional lock as we would have to have video of them getting into the elevator, not at the actual door.
What's more, with electronic locks, there's the ability to lock people out during periods of the day that you can't do with a traditional lock and you can change the key much more rapidly.
Yes, they aren't perfect and can be prone to attacks that a normal lock and key aren't. But, ultimately, suggesting that they're not any sort of improvement ignores reality.
I my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths required the locksmith to go through paperwork to make sure the person requesting the copy was authorized by the lock-owner to do so. This typically involved asking the requester to provide the lock's "number" which presumably the lock owner had but which was not on the key or lock itself.
Up until recent decades, one of the more practical ways to duplicate many security keys was to make a mold and build a key from it, like you saw in 1960s spy movies. Yes, that required physical possession, but it didn't require a locksmith.
--
*I'm not sure if the law has any real teeth, it may be just a "civil fine" or it may just open up the locksmith to civil liability if the key is misused, much like if a bartender serves a drunk person more booze and they drive and kill someone, the bartender can be sued by the victim's family.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can some explain to me why the only stories about 3D printing that make the news are ridiculously paranoid? Anyone can print out a secret key. Anyone can print out shitty plastic gun. What's next? Anyone can print out a bat'leth? Anyone can print out a plastic pressure cooker and make a plastic bomb? Anyone can print out plastic kiddie porn? Not one story discussing the incredible potential? Like, machines printing out copies of itself? Or the effects on a society and economy where any product can be downloaded and printed? None of that interesting stuff? Just the fear and paranoia stuff?
Whenever you'll be playing with a 12 inch or larger telescope, do yourself a favor and point it onto a terrestrial target a few hundred feet away. I've seen terrestrial pictures being taken through a 20" telescope and all I can tell you is that with clear air it's feels like taking your point and shoot and teleporting it a mile away. Never mind that if you don't care about giving yourself away, you can also flash-illuminate your target through the same optical assembly. I have to dig up some of the portraits my colleague took with his girlfriend standing about 1100 m. away on a winter night, with heavily overcast sky and no moon, with through-the-lens flash. It really looks as if you've been standing right there, except that of course the aberrations typical for closeup pictures are nowhere to be seen. As far as portraits go, a telescope gives you IMHO the best 2D reproduction to be had. I'm sure it'd be just as great at extracting the geometry of a key, since you get as close to axonometric projection as you can get.
A successful API design takes a mixture of software design and pedagogy.