Picking Locks with Cryptology
Matt Blaze AT&T Labs / University of Pennsylvania

Computer security and cryptology take much of their basic philosophy and language from the field of mechanical locksmithing, and yet we often ignore the possibility that physical security systems might suffer from the same kinds of vulnerabilities that plague computers and networks. This talk explores the relationship between mechanical locks and cryptology with an emphasis on how the abstract security models more usually associated with computing systems can be used to analyze and attack physical security systems as well. We describe attacks against masker-keyed mechanical pin tumbler locks that exploit weaknesses remarkably similar to those found in badly-designed cryptographic protocols. We end with future directions for research in this area and the suggestion that mechanical locks are worthy objects of our attention and scrutiny. A recent research paper on this subject is available online at: http://www.crypto.com/papers/mk.pdf