January 15, 2005

Safecracking

"Nowhere is the sense of secrecy surrounding safe and vault security greater than it is around the selection and location of effective drilling points on various safes. Where to drill is perceived as one of the darkest and most carefully guarded secrets of the safe trade, something that can be learned only through careful analysis and cataloging of hundreds of different containers. Determining where to drill is actually quite straightforward." Matt Blaze at UPenn just published an excellent paper titled Safecracking for the Computer Scientist, and boy, has it pissed off the locksmith community.

Stolen shamelessly from Bruce Schneier.

  • note... the "Safecracking for the Computer Scientist" link downloads a PDF file...
  • "This paper is a general survey of safe and vault security from a computer science perspective, with emphasis on the metrics used to evaluate these systems and the weaknesses that cause them to fail. We examine security against forced, covert and surreptitious safe opening, focusing on the mechanical combination locks most commonly used on commercial safes in the US. Our analysis contrasts the philosophy and tools of physical security with those of information security, especially where techniques might be profitably applied across these disciplines."
  • Also, as a curious george part of this post, anyone know a good criminal defense attorney who'll be around Portland in a few weeks? Not that I, er, will be needing one, er, or anything. Just curious. Just... really.... curious..... *whistles, nervously twitches*
  • In the Usenet post, the pissed-off locksmith says: "...[the University] they may not be aware of it or of the negative impact that his so called work has on our industry. With concern for homeland security so important, we believe that your voice will be heard." Is this the year that we start adding "appeal to patriotism" to the official list of logical fallacies?
  • It's not a fallacy if he's right.
  • It would be a nice addition, if people even cared about logic anymore. The only time I have heard recent mention of logical fallacies is on MoFi. Logic has been dead for a long time in America.
  • Loto: No, he's doing fine.
  • ian... I happen to know one here in Portland. Drop me an email and I will see if I can get in touch with him. It's been a while, but I think I can track him down. He kinda looks like Saul Rubinek.
  • So, if I understand this, people are upset that security by obscurity has once again proven ineffective? Okay. Same reaction as ever when that sort of thing happens. And in all my years on Usenet I had no idea there was a place where locksmiths hang out. Huh.
  • /sings Ian is a Safe Cracka Ian is a Safe Cracka!!
  • oooooooooohh... this is great! I feel more evil already. It makes me want to laugh like this: BWAAAAAHAHAHAHAHAHAHAHAHA! I love knowledge like this. Kinda like lock picking or copying DVDs or how to make explosives or one of a lot of other things that might be deemed as inappropriate knowledge. Things that take normal everyday life and manipulate it in ways that were not intended.
  • Remember, kids: Napalm is just gasoline mixed with pulverized styrofoam.
  • Situations like this are why tenure exists: at the top of the alt.locksmithing thread, the original poster is encouraging others to pressure Prof. Blaze's "superiors" to fire him. Aside from a few high-fives in the faculty lounge, I don't imagine a letter campaign will amount to much, especially since he's doing valuable work. It's a nice article. Good link ian.
  • Bonehead: I agree (being in the university setting myself): You're not doing something real unless you're pissing someone off.
  • No tinyurl please.
  • Well, shining light into dark crannies is bound to annoy a few -- thanks, ianwouldsay, for an interesting article.
  • yeah tinyurl sucks; the Schneier post I stole it from got flak for using it as well. Actually, the reason I had to use it is the damn MoFi 1000 character posting limit, and the usenet URL was about 200 characters itself.
  • When did holding a gun to the head of the guy with the combination go out of style?
  • "yeah tinyurl sucks; the Schneier post I stole it from got flak for using it as well. Actually, the reason I had to use it is the damn MoFi 1000 character posting limit, and the usenet URL was about 200 characters itself." There's usually a lot you can trim off Google URLs. For example, this seems to be all you need: http://groups-beta.google.com/group/alt.locksmithing/browse_thread/thread/58055b2e30923103