Most of the fuss is because principles such as security through obscurity are dearly held in the safe and lock industry, to its detriment, as Kryptonite discovered. Applying principles from computer security and cryptography in a different domain of expertise is causing heartburn, which might, at first blush, be reasonable. But in addition to being fascinating, it's also slightly alarming in places:
That's not the kind of thing that a cryptographer can get away with when designing cryptosystems. Before long, safe-makers may not be able to either.
Most locks have a wider dialing tolerance than the dial graduations would suggest, allowing an error of anywhere between ±.75 and ±1.25 in each dialed number, depending on the lock model. So although there may be 100 marked positions on the dial, there may be as few as 40 mechanically distinct positions.
[...more possible keys removed...]
For locks with the full ±1.25 dialing tolerance allowed under [standard], these recommendations seem especially misguided, leaving only 22,330 distinct “good” combinations. Observe that this is less than 2.5% of the apparent keyspace of 1,000,000.
Similar reductions in effective keyspace will be familiar to observers of many computer password authentication systems.