Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Aug 2003 21:46:48 -0400
On Thu, 07 Aug 2003 16:35:46 PDT, Darren Bennett said:
> these details. If a company that manufactures locks does a poor job and a locksmith publishes how to break into the lock, that should be considered a service to all. After all, how can consumers make good choices without ALL of the information? Yeah, some will misuse the
Speaking of locksmiths.. ;)

A while ago, Matt Blaze (the same Bellcore guy who did the number on the LEAF field of the Clipper chipset) published an interesting paper on a better way of making a master key for a series of locks, given one lock and key. Turns out:

a) The locksmiths went apeshit, because somebody blabbed a secret that all the good locksmiths had known for forever.

b) There's other schemes of building series of locks than the one that Matt broke.

c) The other schemes almost never get deployed in practice because they're more expensive.

Turns out that Matt's scheme is of mostly theoretical interest, because even WITH it, to get a master key that fits an "interesting" lock, you still need a key and lock from the same series, and lots of time to fiddle - and there's usually some other easier/cheaper/safer way to bypass the interesting lock.

If you *really* want to slow them down, you need something like THIS lockset:

http://www.mas-hamilton.com/x08.html

Of course, these beasts are usually found on GSA Class 5 document containers, usually called "crypto safes"... ;)