Full Disclosure mailing list archives
Re: Lock business practices "security-by-obscurity" for 150 years
From: "David Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Thu, 23 Jan 2003 20:25:12 -0000
at Thursday, January 23, 2003 7:38 PM, hellNbak <hellnbak () nmrc org> was seen to say:
So yes, this was security through obscurity. Without public disclosure there would be little motivation for lock companies to retool and create better locks.
And TBH there still is little incentive for them to do so. More secure locks *are* available that aren't susceptible to this particular attack - but which are susceptible to other attacks (I am told that an experienced locksmith or lockpick can use the same "probe" technique used to pick the lock, but estimate quite closely the multiple "catch" positions for the pins by the amount they must lift the pin in order for it to lock into position. Plus of course almost any lock can be disassembled and the pin positions measured). While good crypto costs no more than bad, really secure cylinder locks *do* have a higher production cost, are more likely to jam, and often are physically larger.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html