I was doing a bit of last-minute research for my Crime-Facilitating Speech paper, and found — using a Google search for “master keys” — a paper that purports to show a huge vulnerability in many master key systems: If someone has a nonmaster key that opens a particular lock, then he can easily create the master key which opens that lock and all the other locks that are on the same master.
I’m not a locksmith, but the claim sounds quite persuasive, and the author (Matt Blaze, a former AT&T cryptographer, and now a computer science professor at Penn) seems smart and credible. If you’re responsible for a building or department that uses master keys, keep this in mind. Blaze claims that some kinds of locks aren’t vulnerable to this problem, so replacing all the locks with one of those kinds may fix it. Naturally, this might not be cost-effective in some situations, but it may be quite cost-effective indeed if the stuff you’re securing is important enough.
UPDATE: Thanks to reader Chuck Jackson for pointing out that Blaze, whom I first identified as an AT&T cryptographer, is now a Penn professor. By the way, doesn’t he sound like someone from a comic book? “Matt Blaze, scholar by day, safecracker by night.”
FURTHER UPDATE: My former student Dave Price writes:
I can confirm that Matt Blaze’s master key privilege-escalation attack works: I saw him demonstrate it at a conference in 2003. He could do it in about two or three minutes, and he guided a graduate student through the process in five or six. All it requires is a few key blanks, a handheld punch that lops off pieces to change the keys, and a non-master key plus access to the lock that it opens during the attack.
Blaze has brought a computer security approach to analyzing the traditional products and methods of physical security. He’s become a thorn in the side of traditional locksmiths and safe manufacturers, most of whom still hold to a security-through-obscurity credo. He’s also published a paper on safecracking and an essay about the reactions of locksmiths to his work. In that last, he raises the prospect of having his research temporarily silenced through spurious DMCA takedown notices.