begin quoting Ralph Shumaker as of Mon, Aug 11, 2008 at 03:23:52PM -0700: > James G. Sack (jim) wrote: > >I'll be looking forward to RS's commentary on this. > > > > http://blog.wired.com/27bstroke6/2008/08/medeco-locks-cr.html > > > >The above was found from /. How can one resist reading any article with > >"Shrinky Dinks" in the headline? > > I may be wrong, but I believe this may actually work, to a degree.
The best thing to every happen to the lock(smith) industry is the invasion of crypto-geeks. :) > Although I'm a little reluctant to believe that the plastic will be > thick enough to get the correct rotation of the Medeco pins (as > described decently in the article). Medeco pins have to be the correct > height _and_ rotation before the lock can turn. To what tolerance? 30 degrees? 15 degrees? I'm not suprised that thickness isn't a real factor. > Credit card type plastic (probably nylon actually) has already been used > for spare door keys made by AAA for many years now. The plastic keys > were never meant to be used in the ignition (not even once), and even in > the doors, were only meant to be used 2 or 3 times at the most. But > I've made some decent money digging that plastic out of ignitions and > doors. Even _knowing_ they aren't supposed to stick it into the > ignition, people still do. And even _knowing_ they shouldn't even use > it in the doors more than 2 or 3 times, they still do. They don't > expect it to get stuck and break off, but it does. Yup, I used to have some of those. The plastic was actually thicker than an actual credit-card, but for a car where you were likely to lock the keys in the car, it was a clever idea. Opening a door with a nylon key was a tricky experience, and I can easily see how rushing it would break the key off. I always took it slow and careful. As for being used in the ignition... a lot of cars are set up so that you're not _supposed_ to turn the key itself. So if you're careful, a nylon key would work just fine. > Security is such that if there _is_ a break-in, it's better to know that > it happened. A plastic key is *much* more likely to break off inside > the lock, which would quickly give you away (the next time someone tries > to stick their key in). I know how to minimize that risk, but even most > locksmiths have probably never thought about it. I quote from the article: "Once the plastic key is inside the cylinder and lifts the pins, it's not actually strong enough to turn the cylinder, so the researchers insert a small turning wrench to turn the cylinder and open the lock." > This would be a way around apartment house charges of $50 for a spare > key for the main entrance or the pool, but will end up just being extra > costly for management when they have to pay locksmiths to remove the > broken plastic. And they'll have virtually no way of knowing who was > responsible, short of witnesses. Same problem exists with 13-year-olds and epoxy. Is it really that big of an issue? > As I began reading the article, I was thinking that it would actually > have a decent chance of working in the Medeco locks I've dealt with, but > I was certain it would not work in Assa or Schlage Primus because of > side milling (which the article eventually mentions around the middle), > nor even Schlage Everest. I'm not familiar with many other high > security locks. Part of the problem is that there's a desire to loan out keys to give someone temporary access to a resource, and once someone has the key under their control, the game seems to be up. The problem here is that *seeing* a key is sufficient to break it. > I must admit, if I ever come across a customer who has a broken Medeco > key (not a mere foto) and is paying me to get him in, I might consider > creating a duplicate (for one-time use only) from an old credit card (or > hotel room key). But I've never had such a situation before, so I doubt > the likelihood of ever encountering it. Use their credit card. AFTER charging your fee to it. -- Obviously, we need smart cards as crypto challenge-response keys. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
