On Fri, 24 Jan 2003, Matt Blaze wrote: > Len, > > We're probably getting a bit into the depths of the details for this > (cryptography-oriented) list, so I'll certainly understand if Perry doesn't > forward this on.
Ditto. Time for a "lockpunks@" list? =) > It surely would be possible to have a Medeco-type design using > different rotations for the change and master by cutting new holes/grooves > in the bottom pin. I've not seen that on any of the Biaxial pins > I've looked at, and the Medeco pinning kits I've seen seem to have > such pins in them (maybe they sell them only to certain customers? In > any case, such a kit would have to be very large indeed). I was trying to draw this in ASCII-art, and failing. Looks like Derek had the same problem. In any case, you'll typically find the more complex pin combinations in installations where you need a large amount of change keys on the same master key. It's more work to design a master-key system when you add in these additional variables, so some locksmiths probably won't do it unless they have to. > But even if they did, you'd still be able to straightforwardly do the > attack, consuming up to 3 (in the standard design) or 6 (in the Biaxial > design) blanks per pin (at each rotation/offset). I'm forgetting off the top of my head how many pins a Medeco Biaxial has -- it's 7, right? That would mean in the worse case you would need to try 42 different key blanks. And filing a Biaxial is probably not feasible, so you would need the machine. I'm just not convinced this would ever be done. The time and effort involved would almost certainly make this a less efficient attack than others. > Some of the "restricted" Medeco blanks are in fact readily available; others > aren't but can be modified from available blanks, and still others > seem to require extensive milling or casting. Medeco has a number of different blanks for a number of different security models. The restricted ones are either "Card restricted", where you can go to a Medeco authorised locksmith and present your signature card to have the key duplicated; "Contract restricted" where your key is using a blank that is tied to a specific locksmith (or specific to your organization), and you must deal with that locksmith only; and "Factory restricted", where Medeco itself does duplication, and the key blanks are not released outside of the factory. The last two require the same signature card/ID authorization as well. Sure, you could mill or cast your own blanks to beat the factory controls. That is surely a waste of time, since either there are going to be easier ways to gain access without attacking the lock directly, or the lock will be using dummy-stepping if not on a master-ring system, because the locksmith has considered this attack. --Len. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
