John Schwartz at the New York Times reports on a blockbuster piece of research by cryptographer Matt Blaze. Matt applied the principles of cryptography to good old-fashioned door locks and keys, and what he found is pretty horrifying. Given a key to one of the locks in a building, and a small number of key blanks, there is a method by which you can make a master key that opens all of the locks in the building.
Apparently some locksmiths have known this was possible for a long time. The lock manufacturer Schlage has even taught locksmiths how to carry out a version of Blaze’s attack. Yet somehow they never bothered to tell their customers.
This is why we need independent analysis of security technologies. Manufacturers will keep important information from their customers, even information that impacts the basic security decisions of the customers. Bans on security analysis, or bans on the dissemination of results, just help manufacturers keep their customers in the dark. Thank goodness there is no DMCA for door locks.