lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01c601c2c31d$88d62a40$c71121c2@sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: Lock business practices "security-by-obscurity" for 150 years

at Thursday, January 23, 2003 7:38 PM, hellNbak <hellnbak@...c.org> was
seen to say:
> So yes, this was security through obscurity.  Without public
> disclosure there would be little motivation for lock companies to
> retool and create better locks.
And TBH there still is little incentive for them to do so. More secure
locks *are* available that aren't susceptable to this particular
attack - but which are susceptable to other attacks (I am told that an
experienced locksmith or lockpick can use the same "probe" technique
used to pick the lock, but estimate quite closely the multiple "catch"
positions for the pins by the amount they must lift the pin in order for
it to lock into position. plus of course almost any lock can be
disassembled and the pin positions measured)
While good crypto costs no more than bad, really secure cylinder locks
*do* have a higher production cost, are more likely to jam, and often
are physically larger.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ