[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01c601c2c31d$88d62a40$c71121c2@sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: Lock business practices "security-by-obscurity" for 150 years
at Thursday, January 23, 2003 7:38 PM, hellNbak <hellnbak@...c.org> was
seen to say:
> So yes, this was security through obscurity. Without public
> disclosure there would be little motivation for lock companies to
> retool and create better locks.
And TBH there still is little incentive for them to do so. More secure
locks *are* available that aren't susceptable to this particular
attack - but which are susceptable to other attacks (I am told that an
experienced locksmith or lockpick can use the same "probe" technique
used to pick the lock, but estimate quite closely the multiple "catch"
positions for the pins by the amount they must lift the pin in order for
it to lock into position. plus of course almost any lock can be
disassembled and the pin positions measured)
While good crypto costs no more than bad, really secure cylinder locks
*do* have a higher production cost, are more likely to jam, and often
are physically larger.
Powered by blists - more mailing lists