Full Disclosure mailing list archives

Re: Lock business practices "security-by-obscurity" for 150 years


From: "David Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Thu, 23 Jan 2003 20:25:12 -0000

at Thursday, January 23, 2003 7:38 PM, hellNbak <hellnbak () nmrc org> was
seen to say:
> So yes, this was security through obscurity.  Without public
> disclosure there would be little motivation for lock companies to
> retool and create better locks.

And TBH there still is little incentive for them to do so. More secure
locks *are* available that aren't susceptible to this particular
attack - but which are susceptible to other attacks (I am told that an
experienced locksmith or lockpick can use the same "probe" technique
used to pick the lock, but estimate quite closely the multiple "catch"
positions for the pins by the amount they must lift the pin in order for
it to lock into position. Plus of course almost any lock can be
disassembled and the pin positions measured).
While good crypto costs no more than bad, really secure cylinder locks
*do* have a higher production cost, are more likely to jam, and often
are physically larger.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

