Saturday, August 09, 2008

on locks and keys

perhaps you've come across this story elsewhere, but boing boing has a piece on security researchers supposedly cracking the security of some physical lock system by making duplicate keys based on photos of the original...

is it just me or does that seem like a non-issue? what key-based lock isn't susceptible to replica keys? isn't that pretty much the nature of any token-based security system that if you can produce a duplicate token you're in? and aren't keys basically archaic tokens?

to me it seems that such research borders on captain obvious' territory, but here's a suggestion for lock-makers to help avoid this specific form of attack - retractable keys (hey, if they can do it for USB flash drives they ought to be able to do it for keys too) that you only extend directly into the lock mechanism... that way, in practice, the key portion should never need to be visible and thus wouldn't be susceptible to photographic acquisition...


LonerVamp said...

A big part of making sure physical locks are secure is key control, so that people don't make duplicates.

Another smaller part is about making the keys difficult to reproduce. Sure, you can make a duplicate out of something with various slot heights, side wings, and keyways, but how easily can you do it without actually stealing the key for an extended period of time? Some of the Medeco issues are exasperated because the sidebar is bypassed using a paperclip or wire, at which point you're left with the heights of the teeth, which you can reproduce with a photocopy, impression, rubbing, or even a cell phone camera.

So yeah, you're ultimately right, dupes are a problem, but there are ways to reduce the ease of dupes.