Safecracking for the Computer Scientist

Pulled from Slashdot:

It looks like Matt Blaze (the University of Pennsylvania CS professor best known for finding security flaws in the NSA Clipper Chip and in master-keyed locks) is still causing trouble in physical security circles. There’s a draft paper (dated December ’04) on his web site entitled Safecracking for the Computer Scientist, which is a pretty in-depth look at what computer security can learn from safes (and vaults). The interesting thing is that it describes in detail the different ways that safes are cracked, probably revealing techniques that locksmiths would rather you didn’t know about (there’s a lot of security-by-obscurity there). The conclusion seems to be that while safes can fail, at least they do so in better ways than computer systems do.


Personal note: Anyone in cryptography should know that locksmithing is just another algorithmic puzzle for mathematicians. Most locks are basic logic machines. What amuses me is that so many technologies remain with older security measures because of “security by obscurity”. Similarly, this was the case with bicycle locks until some college students found that the “U-locks” could be opened with a ballpoint pen.