Hacker News
Perfect Security (99percentinvisible.org)
116 points by js2 on May 14, 2015 | 28 comments



This article mentions Schuyler Towne at the end.

I've watched Schuyler talk[0][1] at RVASec (a small Richmond, VA security conference) the last couple years.

If you find locks even almost remotely interesting, Schuyler is the guy who will talk until you think they are really interesting. He's super passionate about locks and gives a ton of easily digestible information about them.

[0] - https://www.youtube.com/watch?v=3nROJz_UNQY

[1] - https://www.youtube.com/watch?v=kTQWPrl_Tao


I concur that Towne is a great speaker on this subject, and would like to add that he's an HN user.

https://news.ycombinator.com/user?id=emhart

I discovered this by reading this comment, and as soon as I read "security anthropologist", I figured there couldn't be two of those.

https://news.ycombinator.com/item?id=8156030


It's funny watching the video of the lock being picked. I can't help but feel that if that style of lock was invented today, we would probably complain rather heavily about its insecurities. There is a clear vulnerability in that they produce sound and friction that enables a trained individual to pick the lock, gaining unauthorized access.

It's also interesting to think almost every house in the country has one of those locks, yet no one seems too concerned.


Most buildings in the country have:

A) A pickable lock

B) A door that can be kicked in [fire code requirements]

C) Unsecured windows that can be broken to gain entry.

D) Crawl spaces that can be used to force entry from the outside.

You need a lot more than a lock to secure a building.


I think many people misunderstand locks. Locks are very rarely there to prevent entry. It's there to prevent undetected, unauthorized entry, or to make entry a little harder, but not impossible. With bump-keys, most locks actually fail at both (never mind lockpicks) -- and end up being a strange kind of security theatre -- where most people are in fact actors (i.e., don't realize that so many, many locks are completely insecure in any meaningful way).

Another thing that people often mix up is security and safety. A secure door/building is a death trap. If people can't get in/out in an emergency, that's usually terrible, for almost any kind of building. A building that you can't break into or out of in less than a minute is unsafe.

Or to put it another way: what's the difference between being in prison and living in a castle? ;-)


There is a reason I mentioned fire codes, I suppose I could have been more verbose. :P

But yeah, stronger locks are pointless when you have doors that are designed to be kicked in [or out] in an emergency by someone who is able to apply a certain level of force to the right spot on the door.


I didn't mean to imply anything you said was wrong, just expand on it :-)


Yep, and most apartments have worse versions of those, which the residents are contractually forbidden from doing anything about. I'd love to have a steel door with a solid frame and half-way-decent locks, but since my landlord is good with whatever was on sale at Home Depot, I don't get a say in the matter.


How long to get through the wall with a fire-axe, even if you secured the door and door frame?


How would your landlord notice if you upgraded the door?

Or care if you upgraded the lock and gave them a key?


The door he suggests would violate the fire codes in every municipality I've ever lived in.

So given the landlord would be fined by the city and told to change it back is the reason the landlord would care.


Good points. I guess it's just people being present and social pressures (and more along these lines) that keep us honest.


I've read the phrase "Locks are on doors to keep the honest people honest." in that context.

You could pick the lock or break a window, but that requires enough effort/behavior out of your norm to stop the impulse to maybe do something not-so-honest.


One of my dad's favorite quotes was "Locks keep honest people out".

Even if you get a secure lock, are you also going to reinforce the door frame? If someone wants in they will get in. It just costs more if you want to make it harder to perform certain types of attacks against your home defense.


Not entirely true, the world is not that binary.

I can't remember where I read it, but a locked door is quite effective in preventing burglary as forcing the lock or crashing a window would greatly increase the chance of being detected.


In my country the rate of burglaries is currently sadly rising and the police advise homeowners to invest in security measures like doors, enforced doors, enforced windows and cameras. They say that most burglars stop if it's not easy for them.


What is highly effective is you having locks and your neighbors having none.


Exactly, you could have every window and door barricaded up with steel and someone could still come along, take some tiles off the roof and get in easily that way.


Does anyone know how widely these are actually used?

When looking at the video, the key looked very "old fashioned", and I thought that surely they're not widely used anymore. In Finland, most locks are something called (after a quick look at Wikipedia) disc tumbler lock, and I hadn't really thought about how common they are elsewhere.

They look like these http://www.bobi.com/assets/Products/Bobi-mailboxes/accessori...


I think we'd just say something else is too inconvenient and that nobody cares (which is sort of true).

I can pick all the locks of my apartment in under a minute.. but I'm not worried.

The postman leaves packages in the lobby behind the building front door.. that door which he and everyone else has the code to, and everyone lets everyone else in if they don't know it (or just gives them the code really).

Never lost a single package.

I suspect the risk to gain ratio isn't popular.


Differential cryptanalysis, side channel attacks... The analogues are all there, only in a more tangible form.

A well-designed electronic lock based on modern cryptography might be immune to almost all of these attacks, so in a sense we're pretty close to getting perfect security back. In real life, of course, nothing stops attackers from simply ignoring the lock and bashing the door in.


I'm guessing that the Chubb that invented that lock is related to Chubb Insurance somehow...



Awesome article. My takeaway for the computer world... There's no safe, just safer. Security through obscurity is not as ridiculous as popularly believed. Make your secrets distributed and subtle, and protected in multiple ways for best likelihood!


I think defense in depth[1][2] might be the term you're looking for.

1. https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%...

2. https://en.wikipedia.org/wiki/Defence_in_depth


The "security by obscurity" that we have in the physical world is closer to AT&T publishing personal data on their web site, and weev getting sentenced to years in prison for pointing it out, than many people realize.

The big difference is that in the digital world, seeing is possession -- if someone walks up on your porch and reads the documents you've placed there, you'd never know.

(Writing this, I kind of realize how some seemingly sensible people think that the crazy laws on computer intrusion make sense... but they don't. That's a discussion for another time, though. Along with how analogies may not be the best vehicle to determine sentencing guidelines for new areas opened up by new technology...)


The major issue with security by obscurity is ignorance.

A very well secured secret that is also not talked about will be very safe.

A poorly secured secret that is also not talked about will not be very safe, and you probably won't even know when it's stolen.

In the real world, the latter happens most of the time. Hence why security by obscurity is highly discouraged. It enforces the security mechanisms to be pretty good.


And then there's so safe, that it can't be circumvented in the time the university exists.



