Interesting People mailing list archives

comment on Master Key Copying Revealed (Matt Blaze of ATT Labs)


From: Dave Farber <dave () farber net>
Date: Fri, 24 Jan 2003 12:58:46 -0500

Date: Thu, 23 Jan 2003 09:31:36 -0500 (EST)
From: Donald Eastlake 3rd <dee3 () torque pothole com>
To: Dave Farber <dave () farber net>
Cc: interest () pothole com
Subject: [interest] Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT
Labs)

I've never seen such a ridiculously overhyped teaser article about a
very simple 150 year old weakness.

Pin tumbler locks work by the key, at each cut, raising a pin so that a
split in the pin aligns with the interface between an inner concentric
cylinder and the outer part of the lock, one reason they are sometimes
called cylinder locks. Master keying frequently works by putting two
cuts in each pin. One set is present in all locks of the set so the
identical master key can raise the pins so those cuts align on the
cylinder boundary. The 2nd cut in each pin is in a different pattern for
different locks and the individual keys use them so you can have no
master key cut the same as any corresponding cut on any individual key.
Pin tumbler locks typically have 5 to 7 pins and 10 levels of cut for
each pin. (Obviously, you can also have sub-masters by using some master
cuts and some individual cuts that are common to a subset of the full
mastered set. You really don't want to go to three or more cuts in a pin
as you start increasing the chance that a random key will open a lock.
You can also do cross section mastering where individual keys will
only fit into certain locks but the master key will fit into all, but it
is usually easy to get master blanks, which are just the intersection of
the individual key blanks' cross sections.)

If you have an individual key, key blanks, and access to a lock, you can
cut trial keys. Assume 5 pins and 10 levels. You take a blank and pick a
pin. You cut the other 4 places the same as your working key and, for
the pin you picked, try the 9 other levels. (This only takes one key
blank as you can start with the highest cut and keep going down with
your key cutting machine or a file.) If you find some other level of cut
that opens the lock, you have found the master cut for that pin. Do this
for each of the 5 pins and you now know all the master cuts having used
up 5 blanks and making 45 trials. In fact, you can stop as soon as you
find the master cut so on average, it would be 22.5 trials.

It may be a bit harder if there are 7 pins or a bit easier if you use
well known heuristics for master key design which make it harder to pick
locks but also constrain the most likely search space. (Of course,
master keying at all can make the lock easier to pick.)

The main building at MIT has (or had) two separate key holes with
separate inner cylinders in each lock. Thus one used for individual keys
can be only single cut. Or you can have two concentric cylinders, one
inside the other, so that pin cuts have two different levels on which to
line up and engineer it to avoid this weakness but it makes the
tolerances smaller unless you go to fewer different levels or longer
pins. Etc.

This weakness has been well known for 150 years but, so what? If you are
skilled enough and/or have the right equipment, it's faster to pick the
lock anyway.

Thanks,
Donald

PS: The headline is wrong. It should be Master Key Discovery, not Master
Key Copying.
======================================================================
 Donald E. Eastlake 3rd                       dee3 () torque pothole com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake () motorola com

------ End of Forwarded Message
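
The trial counts in the message above can be checked against a model lock. The following Python sketch is an added example, not part of the forwarded message; the lock model, the function names, the sample keys and the level numbering (0 = shallowest cut, so one blank can be cut progressively deeper) are assumptions made for illustration.

```python
PINS, LEVELS = 5, 10  # figures used in the message


def make_lock(change_key, master_key):
    """Model lock (assumed): each pin shears at the change cut and the master cut."""
    shear = [{c, m} for c, m in zip(change_key, master_key)]

    def opens(key):
        # The plug turns only if every position sits on one of its shear lines.
        return all(cut in ok for cut, ok in zip(key, shear))

    return opens


def discover_master(opens, change_key, levels=LEVELS):
    """Vary one position at a time, holding the others at the change key's cuts.

    Returns (recovered_master, trials, blanks)."""
    master, trials = [], 0
    for pos, own_cut in enumerate(change_key):
        found = own_cut  # no other level opens => this pin has a single cut
        for level in range(levels):  # ascending = progressively deeper cuts
            if level == own_cut:
                continue
            trials += 1
            probe = list(change_key)
            probe[pos] = level
            if opens(probe):
                found = level
                break  # stop at the first other level that works
        master.append(found)
    # One blank per position, as described in the message.
    return tuple(master), trials, len(change_key)


def work_factor(pins=PINS, levels=LEVELS):
    """Trial upper bound with a change key vs. size of the full key space."""
    return pins * (levels - 1), levels ** pins


if __name__ == "__main__":
    # Constructed sample keys; position 2 deliberately shares the master cut.
    change, master = (3, 1, 4, 1, 5), (7, 2, 4, 8, 0)
    print(discover_master(make_lock(change, master), change))
    print(work_factor())
```

The second function makes the exposure concrete for anyone assessing a master-keyed system: the bound grows with pins times levels, not levels to the power of pins.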
