×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MIT Students Release Code To 3D-Print High Security Keys

samzenpus posted about 9 months ago | from the +10%-lockpicking dept.

Security 207

Sparrowvsrevolution writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage's attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads 'do not duplicate' printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

207 comments

3D printing shall not have arrived (1, Troll)

smitty_one_each (243267) | about 9 months ago | (#44476309)

Until somebody offends the G8 [wikipedia.org] . Vladimir Putin subsequently has him bound to a rock, where each day an eagle is sent to feed on his liver, which is re-printed and re-installed each day, almost like an old Windows version.
OR
. . .is bound to the same rock, and subjected to Barack Obama speeches in an infinite loop.

Unclear which is worse.

"Do Not Duplicate" (5, Interesting)

DexterIsADog (2954149) | about 9 months ago | (#44476335)

Really? That makes them difficult to duplicate? On which planet?

Re:"Do Not Duplicate" (0)

RobertLTux (260313) | about 9 months ago | (#44476387)

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

Re:"Do Not Duplicate" (5, Interesting)

DexterIsADog (2954149) | about 9 months ago | (#44476567)

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

lol, how did you get modded insightful for something patently untrue?

patented blanks (3, Interesting)

gl4ss (559668) | about 9 months ago | (#44476699)

what the lock companies do is they patent the blanks.

that's why lock companies come up with a new scheme every so often. and to buy those blanks you need to sign a contract that you wont copy without permission of the lock owner.. which is hard to check anyways.

Re:patented blanks (3, Interesting)

torkus (1133985) | about 9 months ago | (#44476859)

This (mostly). You'll also see several of only selling additional blanks to locksmiths in an equal number to the customer codes they punch into their system. It's not perfect but it's another control

Before the printing game this worked 100%...excluding the 'illegal' bootleg keys most locksmiths would buy from China...which are, of course, much cheaper. :)

Re:"Do Not Duplicate" (1)

Anonymous Coward | about 9 months ago | (#44476729)

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

As have I. The only question I get asked is whether I would like to have "Do Not Duplicate" also stamped into the new keys when the blanks do not already have those words on them.

You must not live in my jurisdiction (3, Interesting)

davidwr (791652) | about 9 months ago | (#44476829)

I my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths required the locksmith to go through paperwork to make sure the person requesting the copy was authorized by the lock-owner to do so. This typically involved asking the requester to provide the lock's "number" which presumably the lock owner had but which was not on the key or lock itself.

Up until recent decades, one of the more practical ways to duplicate many security keys was to make a mold and build a key from it, like you saw in 1960s spy movies. Yes, that required physical possession, but it didn't require a locksmith.

--
*I'm not sure if the law has any real teeth, it may be just a "civil fine" or it may just open up the locksmith to civil liability if the key is misused, much like if a bartender serves a drunk person more booze and they drive and kill someone, the bartender can be sued by the victim's family.

Re:You must not live in my jurisdiction (0)

Anonymous Coward | about 9 months ago | (#44477569)

In my state, there is no license, or regulations on locksmiths. So anybody can claim to be a locksmith.

Re:You must not live in my jurisdiction (2)

mjr167 (2477430) | about 9 months ago | (#44477961)

So are these keys you cant get a copy made at Wal-Mart? Cause I'm pretty sure the minimum wage Wal-Mart employee doesn't care.

Re:"Do Not Duplicate" (0)

Anonymous Coward | about 9 months ago | (#44477099)

gets even better when those same people will happily stamp 'do not duplicate' on the duplicate

Re:"Do Not Duplicate" (1)

garyoa1 (2067072) | about 9 months ago | (#44477541)

Yeah but this is a primus key. You won't get it cut at your local walmart. Nothing to do with any warning on it.

Re:"Do Not Duplicate" (0)

Anonymous Coward | about 9 months ago | (#44477849)

I've actually been to one store (an ACE Hardware) that refused to duplicate a Do Not Duplicate key. Of course, the vacuum repair store (???) across the street was A-OK duplicating the same key, so...

Re:"Do Not Duplicate" (3, Interesting)

Jah-Wren Ryel (80510) | about 9 months ago | (#44476589)

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

That happens to be the same planet where you can just put a little piece of tape over the DND message, maybe write something on the tape so it looks like a label, and then nobody is the wiser.

Or just go to a place like yelp to find locksmiths that don't care.

Re:"Do Not Duplicate" (4, Funny)

mcmonkey (96054) | about 9 months ago | (#44476603)

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

And which planet is that? It certainly isn't Earth.

In my college days we'd make copies of the dorm keys for friends who lived off campus, so we wouldn't have to go down to let them in the front door of the dorm.

Not only did those keys have the imprint "do not duplicate," but the copies we got back would have the same message!

Re: "Do Not Duplicate" (3, Funny)

Anonymous Coward | about 9 months ago | (#44476691)

How dare the copies include "Do Not Duplicate", when the original clearly stated that the words must not be duplicated!

Re: "Do Not Duplicate" (1)

Anonymous Coward | about 9 months ago | (#44477887)

This remind me of when I photocopied a Windows XP disk. It says on them, "Do not make illegal copies of this disk". So I photocopied it and hung that up on my bulletin board. Har har. What a fucking laugh for a few seconds.

Re:"Do Not Duplicate" (0)

Anonymous Coward | about 9 months ago | (#44477071)

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

Like those with DVD Burners who would obey the "Do not make illegal copies of this disc" on an XBox game?

Re:"Do Not Duplicate" (1)

Anonymous Coward | about 9 months ago | (#44476431)

This is a long shot, but I think it might have possibly been a rhetorical construct known as "humour".

Re:"Do Not Duplicate" (1)

Anonymous Coward | about 9 months ago | (#44476511)

It was a long shot at the construct known as "humour", I'll give you that.

Re:"Do Not Duplicate" (1)

jones_supa (887896) | about 9 months ago | (#44476643)

"Do Not Duplicate". Really? That makes them difficult to duplicate? On which planet?

I assume that message was intended for the owner of the key.

Re:"Do Not Duplicate" (0)

UnknowingFool (672806) | about 9 months ago | (#44476975)

On a planet where if you tried to take the keys to your local hardware, you'd find that they couldn't do it. It's not impossible to duplicate the keys but just hard for an ordinary individual without access to specialized equipment. Realistically you could duplicate one if you had a CNC machine but not many people have one in their garage.

Re:"Do Not Duplicate" (1)

DexterIsADog (2954149) | about 9 months ago | (#44477133)

It's true that various key designs are difficult to duplicate, impossible if you don't have the correct equipment. I was making fun of the line in TFS that said "Do Not Duplicate" contributed to the difficulty of duplicating the key.

Re:"Do Not Duplicate" (1)

UnknowingFool (672806) | about 9 months ago | (#44477183)

I don't think of it was intended to be a layer of difficultly but a request. I suppose Schlage could have printed "Please do not duplicate" to be more polite.

Re:"Do Not Duplicate" (-1)

Talderas (1212466) | about 9 months ago | (#44477513)

Which means this whole article is pointless. I thought there was something special about these keys that a regular locksmith couldn't duplicate them. Nope. Nothing special. So it's an "Oooo 3D printer" self fappitory story that Slashdot is so fond of posting.

Fucking 3D printers and Bitcoin. If an article discusses them, not matter how tangential they may be you can be guaranteed to see it on Slashdot. Heaven help us the day someone uses Bitcoins to buy a 3D printer.

Re:"Do Not Duplicate" (2)

egcagrac0 (1410377) | about 9 months ago | (#44477705)

The Primus keys are what's known as a "patented keyway".

The general idea is that Schlage is the only company that's (supposed) to be allowed to sell the blanks, and they only sell them to locksmiths that agree to play by their rules (like promising only to make dupes for authorized people).

The duplication of these keys is not newly possible - but it's a new simplification.

Unfortunately (0)

Anonymous Coward | about 9 months ago | (#44476341)

This will prompt someone to spend an inordinate amount of taxpayer money on electronic locks which are even less secure.

Re:Unfortunately (4, Informative)

Cenan (1892902) | about 9 months ago | (#44476495)

Locks don't make secure doors, doors do. If you wish to enter, the type of lock on the door is not going to deter you. Electronic locks are not more or less secure, it is just a different set of crooks that are able to get through them without leaving traces.

Re:Unfortunately (5, Insightful)

hedwards (940851) | about 9 months ago | (#44476709)

Not true. I used to work security in a building that had a lot of electronic locks. And ultimately, you can't enter them without leaving a trace. Sure, they might not know who it is that entered at 2:26 AM, but we would know that somebody entered at that time. Whereas with regular keys, we would at most know that somebody went to that floor around that time, but we'd have no clue as to which door they went into.

In other words, we could probably get video footage of the person that went into the door secured by an electronic lock, or at least narrow it down substantially, but would have no way of doing that with a traditional lock as we would have to have video of them getting into the elevator, not at the actual door.

What's more, with electronic locks, there's the ability to lock people out during periods of the day that you can't do with a traditional lock and you can change the key much more rapidly.

Yes, they aren't perfect and can be prone to attacks that a normal lock and key aren't. But, ultimately, suggesting that they're not any sort of improvement ignores reality.

Re:Unfortunately (0)

Anonymous Coward | about 9 months ago | (#44477231)

So, in the event of a power cut. The locks either are open by default or locked by default locking you out? How do they behave exactly? Even after the battery backup has run out?

Re:Unfortunately (2)

egcagrac0 (1410377) | about 9 months ago | (#44477801)

The electronic locks around here are powered by battery as well as mains.

After the 12 hours (or so) of battery wears out, it depends on the lock type - the electric strike locks are fail-closed (bypassable by mechanical key), the magnetic locks are fail-open.

electronic doors still have traditional locks on (1)

Joe_Dragon (2206452) | about 9 months ago | (#44477341)

In some buildings the electronic system is for that office only and the building maintenance people have the keys for the traditional locks also traditional locks are needed when power fails or the electronic system fails. Also in some buildings when the fire alarm goes off the electronic doors unlock.

Some buildings make so that only the building maintenance people can change light blubs.

How quaint (5, Insightful)

msobkow (48369) | about 9 months ago | (#44476347)

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

Re:How quaint (2)

fuzzyfuzzyfungus (1223518) | about 9 months ago | (#44476423)

You just tell everybody who has to come in for a key replacement who it was who lost their key, then turn your back and whistle innocently. Cuts the loss rate significantly.

Re:How quaint (5, Insightful)

Anonymous Coward | about 9 months ago | (#44476561)

Thus ensuring that people who lose keys wait as long as possible before reporting it, in order to avoid retribution. Now you've lowered your loss rate *and* your security at the same time. :)

Re:How quaint (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 9 months ago | (#44476615)

Exactly! People love Objective Metrics (especially ones made of numbers, because numbers are super scientific) that are easy to measure; because they allow even the laziest among them to experience the warm, comforting, embrace of Knowledge. They hate, and thus tend to ignore, fuzzy metrics that are difficult or impossible to quantify (like 'security') because those are a morass of nescience and harrowing epistemic uncertainty.

By doing exactly the wrong thing, and encouraging blatantly insecure behavior (you also likely create a culture of casual key-sharing and letting just anybody who 'lost their key' in), you drive the metric that people are looking at through the floor (demonstrating your Epic Competence), and shove all the risk under the rug of the metric that everybody avoids looking at and politely doesn't mention!

Re:How quaint (0)

Anonymous Coward | about 9 months ago | (#44476451)

Most places the key cards are overriding the actual mechanical key based security.

Mechanical keys are still used as a backup to cards in the event of power outages, or system failures. Though only a few people need to have this kind of access.

Re:How quaint (1)

mlts (1038732) | about 9 months ago | (#44477477)

At a lot of places I worked, there was a short list of people who had mechanical keys:

1: The security desk had a master key which was in a paper envelope, in a sealed box which was the "break glass in case of emergency" type. Facilities tended to use the keycards.

2: The building had a Knox box with a master key on the front so the local PD or FD could get unfettered access.

3: The corporate officers have keys.

4: The top IT manager had a key.

That's pretty much it for the most part.

Re:How quaint (1)

loufoque (1400831) | about 9 months ago | (#44476455)

Keys have the advantage that they do not require electricity to run.

Re:How quaint (1)

Anonymous Coward | about 9 months ago | (#44476735)

Which is important if your job does not require electricity to be productive. As a code orangutan, if the card-scanner doesn't have the electricity to read my keycard, my slack-station doesn't have the electricity to even pretend to be productive.

Re:How quaint (1)

SuricouRaven (1897204) | about 9 months ago | (#44476785)

We use low-security locks at my employer. Electronic. The fastening is electromagnetic.

Why? Because there are children around, which means that in the event of a fire we need to be able to evacuate very quickly. A fire that could potentially burn through power cables before setting off the alarms. The electromagnet locks are failsafe - if the power fails, the locks unlock. There's also a physical power cut button (The 'break glass' type) on one side of most of the doors.

Re:How quaint (3, Informative)

msauve (701917) | about 9 months ago | (#44477007)

I worked in an office with electromagnetic latches. Used a badge reader to get in. A motion sensor would let you out. If you forgot your badge, flipping a sheet or two of paper through the gap between the doors would trigger the motion sensor and let you in.

Re:How quaint (2)

SuricouRaven (1897204) | about 9 months ago | (#44477431)

Similar trick on ours. The doors also have those flip-up-and-down levers on the inside edges that allow for one side to be locked shut. We've no actual use for them, they are just part of the 'stanard' door that the builders purchased and installed. The children soon worked out that if you flip the lever down, the bolt comes out the top of the door and stops it closing. Which means the magnet can't make contact with the locking plate. So now there is a crew that always flips the bolts when they come through in the allowed direction, so that when they later come the the other way they can get through.

Re:How quaint (1)

jones_supa (887896) | about 9 months ago | (#44476673)

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

Remember that electronic locks can have various vulnerabilities too.

Re:How quaint (2, Interesting)

Anonymous Coward | about 9 months ago | (#44476711)

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

The data on key cards can be replicated as well. Heck, even the new "e-passports" gaining popularity with governments around the world have been cloned in the past.

Also, even locks that use key cards have mechanical elements. The bits can be secure as can be, but there may be physical ways to bypass the system.

AFAIK, the only physical keying system that has not been hacked is Abloy's (non-Cliq) Protec. Short of drilling out the cylinder I don't think anyone has been able to get in without having a key. Or at least this was the case about a year ago (the last time I looked).

Re:How quaint (3, Informative)

mlts (1038732) | about 9 months ago | (#44476901)

Last time I read, the locksport guys have managed to get it open in 10-12 hours. The Protec is about ten years old, and Abloy has put out the Protec2 with minor changes recently which, AFAIK, has not been opened.

I'd probably say the Protec2 + CLIQ is probably the best out there. It isn't 100%, (as the 2009 DEFCON got them back to the drawing board to deal with the vibration and magnet attacks and made a rev using a disk that turns as opposed to a pin that retracts), but it is as good as it gets for this department.

Of course, there is one step up from there -- going with Kaba-Mas X-10 combo locks on the doors as a backup. However, for almost any task, the Protec2+Cliq is probably the best of breed we have right now.

Re:How quaint (0)

Anonymous Coward | about 9 months ago | (#44478009)

Then there's Rabson locks. Can't beat those.

Re:How quaint (0)

Anonymous Coward | about 9 months ago | (#44477453)

You can always blow the bloody doors off.

A problem with high security locks is that they are low safety locks. Are every single one of your employees in that area less important than the thing that is being protected? Then favouring security over safety is OK ***as long as the employees know this and can accept or refuse***. You have to allow them to refuse without prejudice because it is their lives at risk. If the chief security officer is thinking otherwise, then he must be in attendence in the area when the area is being used. First in, last out. Otherwise they are offering other people's lives, not his own. Leaders are supposed to lead.

At least the locks CAN be replaced or recoded (0)

Anonymous Coward | about 9 months ago | (#44476749)

Try our newest, bestest attempt at "security": Biometrics. Someone copies the key, now what? Replace the compromised worker? Kill the citizen and hope the citizenry spawns a new one?

Note, however, that for some purposes individually revokable keys are not well-suited. Like the fireman's keys, that tend to be used in emergencies when comms lines may not be available to check for key validity... or even electricity for the electronic locks to work at all. Battery backups only add to the confusion, because they need maintenance and regular replacement that might well be forgotten, skimped, skipped over, you name it. Mechanical locks simply work better in this sort of scenario.

What this means is that you can no longer simply let the keys lay about where people can scan them, or take a picture of them. This is not much different from not leaving people alone with keys lest they make imprint copies. It is somewhat new that even a long range picture is enough (another MIT story previously here on slashdot), and now 3D printers turn out to be good enough. Clay moulds were already good enough and are still cheaper than 3d printers, if somewhat more messy, so really, this isn't much of a difference.

The simple fix? Keep those keys out of sight, like, inside a key bag or something. Like you would with your digital "private key", dig?

Re:At least the locks CAN be replaced or recoded (1)

Streetlight (1102081) | about 9 months ago | (#44477543)

I'm not sure about firemen's keys, but firemen have other ways of getting through a locked door: battering rams, axes, chain saws, diamond disks and saws. Much like criminals - if they want to get into a locked house bad enough they will get in.

Re:At least the locks CAN be replaced or recoded (1)

RobertLTux (260313) | about 9 months ago | (#44477857)

allstate farmers and Nationwide all like buildings to have a way for Firemen to not break the door down just to do their job.

Re:How quaint (5, Informative)

mlts (1038732) | about 9 months ago | (#44476765)

I have been at several places where the key card system goes toes up and will not allow anyone in. The controller on a lot of HID systems is an XP box, and computers can fail, locking everyone out.

You have to have a high security mechanical override somehow. A lot of places use Best locks (which are 6-7 pins, have spool/mushroom tumblers, and unique keyways.) Others tend to go with Medeco3.

If you want resistance to 3D printers, there are already three methods which work well. The first is what is on Mul-T-Locks and Abloy PROTEC2 locks, and that is an active pin on the side of the key.

The second is a method like the Evva MCS, and having magnets embedded in the key. Duplicating this is a lot harder than just 3D printing a replacement, one would have to know where all eight magnets are facing and precisely align them. Not impossible, but not trivial.

Finally, there is the "CLIQ" technology that is going through multiple revisions. This combines a high security mechanical key with an electronic chip and tiny rotating pin powered from a battery on the key. Since each cylinder keeps the authorized keys in memory, there is no one central point of failure. The CLIQ system has gotten better over the years since it was opened at a previous DEFCON. First it was a pin that would retract, but that was changed to a small disk that rotates to allow the key to turn.

Nothing is perfect, but Assa-Abloy's CLIQ system is getting decently secure to be used as a backup cylinder with a card access system.

Re:How quaint (2, Interesting)

Anonymous Coward | about 9 months ago | (#44477947)

Overcoming 3D printers is simple.

Make the key a box channel with the pins inside of it. Not a U-channel, a full box channel. No angle of visibility from the outside can image the functional workings of the key. And likely, an inner channel impression would not give you a good reading either.

Making new ones would be a bitch, but, hey, I bet 3D printing could help with that. Generate pin shapes based on a GUID, and you're golden.

Long distance photo? (1)

Shavano (2541114) | about 9 months ago | (#44476353)

I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.

Re:Long distance photo? (3, Interesting)

fuzzyfuzzyfungus (1223518) | about 9 months ago | (#44476407)

I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.

Wacky Fun! [ucsd.edu] . That paper appears to deal with a less sophisticated key; but demonstrated successful attacks at 195 feet, with comparatively cheap apparatus.

sorry, can't fit Laxton in the joke... (0)

Anonymous Coward | about 9 months ago | (#44476845)

"Savage Wang"
hee hee

Re:Long distance photo? (1)

Immerman (2627577) | about 9 months ago | (#44476433)

Long distance and high resolution are not mutually exclusive. A high-power camera-ready telescope will let you get both.

Re:Long distance photo? (1)

hedwards (940851) | about 9 months ago | (#44476747)

Not really. Unless somebody is holding the key incredibly still, and you're using an incredibly fast shutters speed and you know exactly where to point the camera.

Even a 200mm lens, which isn't going to be getting you a good view from far away, is going to have serious issues picking up sufficient detail on the key to make a duplicate.

Re:Long distance photo? (1)

Culture20 (968837) | about 9 months ago | (#44477079)

Unless somebody is holding the key incredibly still

Like when they're lining it up to insert into the keyhole. What keys will need in the future is an opaque covering that slides down the shaft of the key as it's inserted into the lock, preventing the teeth from being seen.

Re:Long distance photo? (1)

hedwards (940851) | about 9 months ago | (#44477923)

Good luck with that. In order to get a shot like that, you'd have to have the camera directly on the wall, and you'd have to do that without the person noticing, and you'd have to have enough light.

Just saying, the likelihood of this working out, is pretty small, and you'd likely be caught by somebody that thinks it's suspicious to be taking photos of people in such a fashion.

Re:Long distance photo? (1)

afidel (530433) | about 9 months ago | (#44477323)

A 200mm lens is hardly exotic or expensive, I have an 18-200mm and a 150-500mm, with the 500mm I can shoot shots of birds at 200 yards that will capture individual lines on the feathers which are much smaller than the features on a key.

Re:Long distance photo? (1)

hedwards (940851) | about 9 months ago | (#44477907)

Only if they're holding the key still, and good luck doing that without anybody noticing. You're also presumably using a tripod to take those photos.

I've been a photographer for years, and if you're seriously suggesting that this is in some fashion realistic, I seriously doubt that you know anything about photography.

And yes a 200mm lens isn't rare, but getting one that could plausibly do this is quite expensive. And even then, you're talking about an F2.8 brick that everybody is going to notice. Even then, if you're inside or in the shade, you're not going to get adequate shutter speed to make out the detail on the key.

Re:Long distance photo? (4, Informative)

tibit (1762298) | about 9 months ago | (#44477227)

Whenever you'll be playing with a 12 inch or larger telescope, do yourself a favor and point it onto a terrestrial target a few hundred feet away. I've seen terrestrial pictures being taken through a 20" telescope and all I can tell you is that with clear air it's feels like taking your point and shoot and teleporting it a mile away. Never mind that if you don't care about giving yourself away, you can also flash-illuminate your target through the same optical assembly. I have to dig up some of the portraits my colleague took with his girlfriend standing about 1100 m. away on a winter night, with heavily overcast sky and no moon, with through-the-lens flash. It really looks as if you've been standing right there, except that of course the aberrations typical for closeup pictures are nowhere to be seen. As far as portraits go, a telescope gives you IMHO the best 2D reproduction to be had. I'm sure it'd be just as great at extracting the geometry of a key, since you get as close to axonometric projection as you can get.

Low-tech solution (4, Interesting)

Conspiracy_Of_Doves (236787) | about 9 months ago | (#44476357)

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Re:Low-tech solution (1)

Conspiracy_Of_Doves (236787) | about 9 months ago | (#44476367)

Granted, this won't help if someone gets physical access to the key.

Re:Low-tech solution (0)

Anonymous Coward | about 9 months ago | (#44476661)

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Or camouflage. While not a perfect defense, having shape baffling camouflage on the keys would at least make long range photobased duplication more difficult, and would still work while the key is enroute from pocket to door. (i.e.: not sheathed).

Granted, this won't help if someone gets physical access to the key.

Either way someone physically having access to a key breaches the security, that said, it is a lot harder to get your hands on a key than it is to photograph it at a distance.

Re:Low-tech solution (2)

mlts (1038732) | about 9 months ago | (#44476955)

Some English prison locks do this, because part of their design is to make the key and keyway as hard to eyeball as possible (so prisoners can't carve one out of soap or whatnot.)

Nothing new (0)

Anonymous Coward | about 9 months ago | (#44476369)

This is nothing new; it's also very easy to do with a photograph, a file and a dremel tool. Not that I've got any experience or anything, but I certainly never paid a lost key fee in college.

Why? (0)

sycodon (149926) | about 9 months ago | (#44477299)

Why would they do this?

Is there some cure to cancer behind a locked door that they think needs to be free? Perhaps some long lost formula for turning water into gas?

None of the reasons always offered up to justify breaking encryption applies here. How is it that civilization is made better by this?

Uhm... not really impressive (5, Interesting)

dbitter1 (411864) | about 9 months ago | (#44476653)

Former locksmith here. The Primus (and nearly all of the other high security keys) are simply relying on patent protection to keep people from duplicating the keys. Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass (worst case) or just onto a normal key blank.

If you want to see something that would impress me, look at a German company - DOM - that has a design that includes a floating ball bearing in the key, which is integral to making the lock work. If they could make THAT with a printer, I'd be impressed.

One model:
http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.html [dom-sicher...echnik.com]

Re:Uhm... not really impressive (0)

Anonymous Coward | about 9 months ago | (#44477123)

3D printers can make 3D printed objects with movable parts (I have a working 3D printed adjustable wrench on my desk that required no assembly out of the cleaning vat), so prepared to be impressed...

Re:Uhm... not really impressive (2)

50000BTU_barbecue (588132) | about 9 months ago | (#44477147)

I've noticed that with the shoddy and fragile construction endemic in North American residences, it's not worth putting a fancy lock on things. You can kick the door in with one kick from a polio victim. Or with just a bit more force you can punch down the drywall and fake facade.

Re:Uhm... not really impressive (2)

drinkypoo (153816) | about 9 months ago | (#44477191)

The purpose of the locks is to make it noisier to get into the house, and to signal legal intent. If you are expecting crooks in your neighborhood to be good at picking ordinary locks and actually use the skill, then upgrading your locks might get them caught in the act.

Probably not though

Re:Uhm... not really impressive (1)

mlts (1038732) | about 9 months ago | (#44477233)

That mechanism is used in Mul-T-Locks and Abloy locks (the Mul-T-locks use it as a patent, the Abloy locks use it for a way for the user to know the key is all the way inserted.)

What I wouldn't be surprised in seeing is something similar to Ace round locks, except with the bitting inside the barrel. Of course, we then are back to the age old Bic pen way of opening those, but I'm sure there is a way to help with that (especially if a tumbler or two slid on an axial path somehow.) This would require someone to closely examine the key, or at the minimum, take good photos of the depth down the barrel.

Yeah as a lay man I was not impressed by primus (1)

aepervius (535155) | about 9 months ago | (#44477793)

I mean, there was nothing in the key which looked that difficult to duplicate, contrary to those key as you showed. Or even the round key , which have pins on all direction , not only 2 axis but on 8 axis or more (I dunno if you know what type I mean, when you look along the axis they look like a star with 8 ray and along the axis the pins at at random position and random angle). I never found a locksmith which had the way to duplicate those despite wanting a second set of key. (maybe I should have asked a crook ;)).

Re:Uhm... not really impressive (0)

Anonymous Coward | about 9 months ago | (#44478027)

Doesn't look impressive to me either. In fact I'm wondering whether the Primus would still be vulnerable to bump key attacks. It seems to be just like a normal key except with two tracks.

Whereas something like those Abloys looks less likely to be vulnerable to the bump key stuff.

I thank you for 7our time (-1)

Anonymous Coward | about 9 months ago | (#44476703)

MAKES ME SICK JUST they want you to one comm0n goal - your own towel in

This is what MIT students do for research? (0)

metrix007 (200091) | about 9 months ago | (#44476719)

Scanning keys to generate plans for a 3d printer is groundbreaking research? Wow.

Re:This is what MIT students do for research? (0)

Anonymous Coward | about 9 months ago | (#44477185)

MIT hasn't been about science or progress for a while now. We've done all the basic research and development we can do. We're just circling the drain now.

Re:This is what MIT students do for research? (1)

Anonymous Coward | about 9 months ago | (#44477589)

We've done all the basic research and development we can do.

Idiots have been saying that since before electricity was discovered.

3D Printing Hysteria (5, Insightful)

Sperbels (1008585) | about 9 months ago | (#44476911)

Can some explain to me why the only stories about 3D printing that make the news are ridiculously paranoid? Anyone can print out a secret key. Anyone can print out shitty plastic gun. What's next? Anyone can print out a bat'leth? Anyone can print out a plastic pressure cooker and make a plastic bomb? Anyone can print out plastic kiddie porn? Not one story discussing the incredible potential? Like, machines printing out copies of itself? Or the effects on a society and economy where any product can be downloaded and printed? None of that interesting stuff? Just the fear and paranoia stuff?

Re:3D Printing Hysteria (2)

mlts (1038732) | about 9 months ago | (#44477169)

It is a new technology, and the first thing that happens are the fearmongers coming out. Next come the regulators because they want to enforce the status quo.

Same old thing, we had this with computers, we had this with the Internet. I wouldn't be surprised if there is a law or international treaty that gets passed forcing all 3D printer makers to have a DRM stack, or only allow signed files to be printed on the machines (with people having to send all stuff they want printed to a third party for "approval" and a certificate.)

Re:3D Printing Hysteria (1)

msobkow (48369) | about 9 months ago | (#44477591)

Everyone can imagine the benefits.

But only the paranoid can fear the sky falling on their old business models and security through obscurity.

Re:3D Printing Hysteria (2)

Culture20 (968837) | about 9 months ago | (#44477687)

You can 3D print a spatula. Nothing says "I love you" like the gift of a 3D printed spatula.

Primus? (0)

Anonymous Coward | about 9 months ago | (#44477921)

Primus Sucks!

Where's the code? (1)

Anonymous Coward | about 9 months ago | (#44477999)

So, having read the fine article, where is the code? I didn't see any links to github or similar...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...