lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Mar 2014 11:32:51 -1000 From: WebDawg <webdawg@...il.com> To: Jimb0 Hon1nbo <hon1nbo.list@...il.com> Cc: fulldisclosure@...lists.org Subject: Re: [FD] Master Lock random key code generation/distribution Fails Intresting. I have actually found the opposite of what you are talking about at home depots. On Mar 26, 2014 11:21 AM, "Jimb0 Hon1nbo" <hon1nbo.list@...il.com> wrote: > First this is not a physical finding in the normal sense, but a finding > that Master Lock does not properly generate key codes differing in each > batch, or that they do not randomize distribution of said key codes. > > After visiting a home depot, I found the following problem: among every > model of padlock with a key, each model was matched in key codes for the > entire model stock. I walked in for one set of matching locks (a little > three or four pack), and I walked out with multiple sets all matched (will > I trust these locks, no). WE checked every lock in stock and they all had > the same issue. > > Example, every if buying Master Lock model "A", every model "A" would have > the same key code. > If model "B," every model "B" has the same key code. > > This means that with every stock a store like Home Depot receives, there is > only one key combination for each model of lock. If a store only receives a > few shipments a month, then there are only a few possible keys. If that > store happens to be a large, if not only, source of locks in the area, then > you have the probable key combination at each store > > attached is a photo I took showing a matched set I pulled off the shelf to > buy when I found it. > > PS: This is not the special order contractor stuff that is designed to have > the same key code, but individual packaged products on the shelf. > > > -Hon1nbo > > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists