by globallockytoo » 23 Oct 2008 17:13
@WOT
Bilock pins of multiple depths...would not give an indication of the likely master key...because it is not probable to guess the master based on the pin selection, once dismantled.
Aside from the fact that to dismantle you require a core removal key.
One One was a race horse, one one won one race, one two was a racehorse, one two won one too.
Disclaimer: Do not pull tag off mattress. Not responsible for legal advice while laughing. Bilock - The Original True Bump Proof Pin Tumbler System!
by BobbO45 » 23 Oct 2008 20:02
@globallockytoo: All apologies! The quote should be from WOT. Tried to quote him from your post - I must have messed up.
My point about the SFIC locks is that they have two different shear lines, not created by pins, but actually two different parts of the plug that can rotate. This can cause pins of the same stack to 'set' at two different levels, as opposed to setting two different pins to the same level (in the same stack) as in a non-SFIC lock.
For example, in a simple SFIC setup say you have 7 stacks and no masterkeying. Even if you were to 'pick' every pin, theoretically in a perfect lock you would not know if you had set the pin to the operator shear or the control shear. This means that your chances of correctly setting every pin to the operator is 1 in 2^7 (1 in 128). Same goes for the control shear. So your chances of opening the lock when all pins are 'picked' or 'set' is 2 in 2^7 (1 in 64). My assumption is that you are just as likely to pick the stack to the control shear as you are to the operating shear, so when you add pins to a stack you are increasing the complexity and reducing your chances to pick all stacks to the same shear line.
To clarify my question, I am wondering how many depths a BEST key can be cut to. I.e., for a single pin stack, ^-^, \_/, what is the number of depths that you can cut to. This will tell you how many different keys exist for a lock. For example: if a key can be cut to 8 different depths, and there are 7 pin stacks, then there are 8^7 different key possibilities for the system. Thanks.
by WOT » 23 Oct 2008 23:53
BobbO45 wrote: My point about the SFIC locks is that they have two different shear lines, not created by pins, but actually two different parts of the plug that can rotate. This can cause pins of the same stack to 'set' at two different levels, as opposed to setting two different pins to the same level (in the same stack) as in a non-SFIC lock.
Yep. That's why they don't respond too well to bumping as unless all the stacks line up to the same shear line, neither operates.
BobbO45 wrote: For example, in a simple SFIC setup say you have 7 stacks and no masterkeying. Even if you were to 'pick' every pin, theoretically in a perfect lock you would not know if you had set the pin to the operator shear or the control shear. This means that your chances of correctly setting every pin to the operator is 1 in 2^7 (1 in 128). Same goes for the control shear. So your chances of opening the lock when all pins are 'picked' or 'set' is 2 in 2^7 (1 in 64). My assumption is that you are just as likely to pick the stack to the control shear as you are to the operating shear, so when you add pins to a stack you are increasing the complexity and reducing your chances to pick all stacks to the same shear line.
It's not possible to selectively torque the operating shear line, however it is possible to do so with the control line using a special tension wrench designed specifically for SFIC.
BobbO45 wrote: To clarify my question, I am wondering how many depths a BEST key can be cut to. I.e., for a single pin stack, ^-^, \_/, what is the number of depths that you can cut to. This will tell you how many different keys exist for a lock. For example: if a key can be cut to 8 different depths, and there are 7 pin stacks, then there are 8^7 different key possibilities for the system. Thanks.
It depends on the type. There are 3 types, A2, A3 and A4 with 10, 7 and 6 depths respectively. When you consider the specific rules, the practically usable depths are MUCH less than the theoretical available depths, especially A2.
by ridinplugspinnaz » 24 Oct 2008 1:22
WOT wrote:It's not possible to selectively torque the operating shear line, however it is possible to do so with the control line using a special tension wrench designed specifically for SFIC.
On the topic of the SFIC wrenches, I picked up the Peterson set a while back, but I had no luck actually getting it to work on my Best core. Is there a trick to making sure you're hooking the control sleeve instead of the plug? The description with the tools suggested shimming the wrench with flat toothpicks, but for the most part I haven't been able to find any at the local stores. Got any ideas as to how I can get a good contact with the sleeve?
by Pyrhhus » 24 Oct 2008 1:30
Not to interrupt or derail your discussion, but to get back to groove's original post. This is a VERY informative article that goes over traditional master keyed systems in some detail: http://www.crypto.com/papers/mk.pdf
The actual topic of the paper describes how to deduce the master key cuts based on having access to one sub-key in the system as well as 10-15 blanks. I would like to stress, groove, and I admire that you have made very clear your intentions in this regard, that you NOT try this on the Best locks in your dorm. It is very informative nonetheless and will help you understand in greater detail how these systems work.
If your school's Best locks are anything like my school's, they probably use a PKS system, meaning the key blanks are not available online or on e-bay, and thus you can't get the blanks to try this. Plus if you don't file the key right, there is a chance it could get stuck in the lock. Again though, this ranks right up there as things you should under no circumstances be trying on locks not belonging to you.
P
by ridinplugspinnaz » 25 Oct 2008 2:35
Pyrhhus wrote:Again though, this ranks right up there as things you should under no circumstances be trying on locks not belonging to you.
...which is precisely why, I suspect, that no one else in the thread has linked to the article yet. Personally, although I realize that that is a whitepaper, it's the kind of thing I don't think we should be necessarily encouraging on LP101 just because of its implications for the security of very large-scale systems. Part of me really wishes you hadn't linked to that.
Given that it's out there though, I'll point out that while the Blaze paper is most definitely an excellent writeup on master-keyed systems, I think his dismissal of the efficacy of possible countermeasures against the attack he describes is a bit misleading. For example, he acknowledges that adding an extra cut to each pin stack will reveal 2^P (where P = # of pin stacks) possible TMK bittings, leaving 128 combinations (and therefore at least 35 more blanks, expanding on a binomial filing optimization) for the attacker to test in a 7-pin cylinder, on top of the blanks already used to discover all possible pin stack cuts. Given that the vast majority of people don't have a key punch available, that's no trivial task to undertake. It's also entirely possible that on at least one pin stack, an extra cut is there purely to frustrate would-be attackers (though this is probably rare in real-world deployments). Much more likely is that in larger deployments, submastering may be implemented by >2 cuts per pin stack, which requires the attacker to also test all submaster bitting arrangements in search of the TMK bitting. The attacker might also erroneously be led to believe that they have found the TMK bitting when testing other locks, when in fact the bitting they have found corresponds to a submaster level instead. A sufficiently large number of locks would need to be tested with each of 128 combinations (assuming each pin stack contains either 3 cuts, or 2 cuts with one cut falsified) to find the TMK with absolute certainty.
Another point that Blaze fails to address entirely is the in vivo scenario of removing pin stacks from a master-keyed cylinder, like WOT was talking about earlier in this thread. While the locksmith decides to do this primarily for reasons of convenience, it actually has the unintended consequence of making the complete TMK bitting somewhat harder for an attacker to discover from a single lock using the Blaze attack. Removing even one pin stack means that the attacker must find other locks with the same keyway and logical grouping to test against; determining other locks of this sort may be difficult to do if the attacker holds only one change key (and therefore also has only one blind code to reference). Combine this situation with one where the locks are submastered with multiple cuts per pin stack, and this could easily widen the search space for the TMK by an order of magnitude, while simultaneously requiring a diverse group of locks to test with each bitting.
My main point in all of this is that the underlying assumption of the Blaze attack seems to be that a change key is always the least-privileged key in the system, so the attacker can therefore assume all cuts on his/her key are irrelevant to the TMK (save in RC-mastered systems). In sufficiently-large systems, however, that may not always be the case, particularly when >2 cuts per pin stack are present for a given logical group. If the key that the attacker possesses happens to be a submaster, it is possible that at least one of the cuts on their key is a more privileged cut than they are led to believe. It is also possible that the locksmith has purposely put false cuts in pin stacks to frustrate this sort of attack. While Blaze suggests that this trades security against one type of attack for additional phantom keys (and he's right), it may or may not be worth the tradeoff in order to "compartmentalize" the damage that the attack he describes might do. If the attack yields a limited submaster key instead of the TMK due to purposely-placed false cuts, in some installations this might be a desired outcome.
Wow, that was a lot of typing.
by raimundo » 25 Oct 2008 10:01
I stand corrected, I was not thinking Best SFIC when I wrote the post, and of course was only giving a simple and general explanation of masterkeying. Those guys, was it WOT and globy, added some very good information relating to the SFIC and some specific masterkey strategies. I thank them for their posts and recommend that you read them carefully as there is some serious information there.
Wake up and smell the Kafka!!!
by WOT » 25 Oct 2008 11:08
Well, my contribution in this thread is done, as I don't really feel like turning this into a "how to crack a master key system" thread.
by Pyrhhus » 25 Oct 2008 15:39
ridinplugspinnaz wrote: ...which is precisely why, I suspect, that no one else in the thread has linked to the article yet. Personally, although I realize that that is a whitepaper, it's the kind of thing I don't think we should be necessarily encouraging on LP101 just because of its implications for the security of very large-scale systems. Part of me really wishes you hadn't linked to that.
I apologize if linking said article is out of place, but I will have to disagree with you on this one, ridinplugspinnaz. Firstly, by linking it I am not encouraging anything, much less compromising master locked systems; let me make that extremely clear. Secondly, I did a Google search of "master key lock systems" and Matt Blaze's crypto.com web site is the very first site that comes up. It is hardly fair to suggest that I am somehow revealing hidden information by linking it.
If history is any precedent, trying to suppress information in the "information age" is hardly going to be effective when it is widely available on the internets. Again, my apologies if the lp101 community deems such linking inappropriate, but without getting into a debate about the ethical responsibility of this site, I think that linking a widely and freely available (and also highly relevant to the original question) article does not cross too many lines.
P
by ridinplugspinnaz » 25 Oct 2008 16:27
Pyrhhus wrote: I apologize if linking said article is out of place, but I will have to disagree with you on this one, ridinplugspinnaz. Firstly, by linking it I am not encouraging anything, much less compromising master locked systems; let me make that extremely clear. Secondly, I did a Google search of "master key lock systems" and Matt Blaze's crypto.com web site is the very first site that comes up. It is hardly fair to suggest that I am somehow revealing hidden information by linking it. If history is any precedent, trying to suppress information in the "information age" is hardly going to be effective when it is widely available on the internets. Again, my apologies if the lp101 community deems such linking inappropriate, but without getting into a debate about the ethical responsibility of this site, I think that linking a widely and freely available (and also highly relevant to the original question) article does not cross too many lines. P
It's certainly not up to me to make that sort of judgment call for LP101 as to what's appropriate to post and what isn't, don't get me wrong. I'm just saying that personally I wouldn't have done it, particularly when some of the most recent posts from new members here have cryptically shown interest in master-keyed lock systems, which makes anyone that's been around here a bit fairly skeptical of their intentions when asking those questions.
At any rate, I'm sure the mods will make the determination as to what is okay to post here; in the meantime, I agree with WOT on this one, I don't want to turn this thread into a discussion on privilege escalation. As you can probably tell from my previous post, I do think that the mathematics of the problem are intriguing, but perhaps that is a discussion for another place. Hopefully no one thinks that it was my intention to continue such a discussion, because it most certainly was not; in fact, the whole point of my last post was to show that there are several real-world scenarios where the Blaze attack is definitely NOT worth attempting, and obviously such a thing should never be done on a system that that person doesn't own / have permission to test. Let's stick a fork in this one, shall we?
by WOT » 28 Oct 2008 6:02
ridinplugspinnaz wrote: Let's stick a fork in this one, shall we?
I'm all for information sharing. I'd gladly tell him "go read a book" but I feel that it isn't worthwhile spending the time to coach someone for a seemingly useless (from the view of using my time) purpose.