This is an archived project. See http://blogs.23.nu/disLEXia/stories/492/ for details and further pointers.

disLEXia

laws, lies, legal research and the internet

overview for Friday, 24. January 2003

Friday, 24. January 2003

On Matt Blaze on Master Locks

Matt Blaze couldn't resist the old hacker tradition of tinkering with locks and was able to produce master keys for physical locks by keeping a cryptographer's mindset. Nifty.

Edward Felten seems a bit mad at the lock industry for knowing of this but not telling us. He points out that "we need independent analysis of security technologies."

Sure, that's correct. But we also need something which spreads the analysis. As Seth Finkelstein points out, this risk has been known for a long time, but it seems it wasn't known by enough people.

Some years ago the Chaos Computer Club spun off the Mission of the Sportenthusiasts of Lockpicking (some English info on their site). They taught us that locks are mostly protected by security through obscurity. Even high price/security locks often have systematic faults and can be opened without leaving a trace.

I'm wondering somewhat about the uproar about this thing by the computer security people. I guess it points out again that they don't think enough about physical security. From people doing penetration testing I hear that the physical route is often the easiest. Things like a way to crawl inside the ceiling from the visitors' toilet to the server room really happen.
00:34


DMCA and Locks

mutatron and Edward Felten have some interesting thoughts as a followup on Matt Blaze's Masterlock thing. Basically they say that if a key protects copyrighted material, tinkering with the key or the lock is prohibited by the DMCA.

While this is an intellectually stimulating argument, it is also a great example of the thought pattern which leads geeks to losing legal and political battles over and over.

Geeks take a law or idea or something else they don't like and use cold logic to carry it much further than it was meant to go. Then they claim that doing so leads to absurd results and so the original idea must be wrong, too.

While using this technique in a dispute is not stupid per se (see Schopenhauer), the geeks seem to think that it isn't just a tool for dispute but that they really have proven in a logical way that the idea they are attacking is wrong.

Come on. Nobody will think of outlawing hardware shops copying keys based on the DMCA. Statements like "You can't outlaw possessing hacking tools since then you also have to outlaw the possession of telnet and ping" just let policy makers think you are a lunatic.
01:04


disLEXia, a research project by Maximillian Dornseif

