3D reproduction of TSA master keys (github.com)
197 points by monort on Sept 14, 2015 | 79 comments

I will hang onto this and use it as an example of why "government-managed backdoor key escrow" for encryption algorithms is such a bad idea.

Yep, it is the perfect explanation for why the Government can't be trusted with "master keys" of any kind.

Like the "master keys" for the nuclear arsenal?

You left out the worst incident I know of:


The US was one arming switch away from nuking North Carolina in 1961. This and a bunch of other really scary nuclear-related accidents are covered in Command & Control: http://www.amazon.com/Command-Control-Damascus-Accident-Illu...

They are not master keys if they are the only keys and they only open the lock they were built for.

Exactly. This is only a problem if the locks were publicly available which they should be in case of insecure technologies like the clipper chip.

I guess the physical equivalent is a Knox box, as illustrated here: https://www.rsaconference.com/writable/presentations/file_up...

The master keys for the nuclear arsenal were "00000000" for much of the cold war.


That's a great example for why any kind of 'master key' is dangerous.

The entire SSL infrastructure we use is not only looking at you side-eyed, but also asking you if you've checked your SSL root certificate list lately.

Just saying, our life is full of secret master keys. Most of the products built here rely on secret master keys. There really isn't any way to get around secret master keys.

The problem here is that we don't trust the TSA to secure said master keys. In part because it's an incredibly hard problem since any image capture device glimpsing them can enable reproduction, but also because the TSA doesn't incentivise its employees well enough (see pay bands here: http://www.federallawenforcement.org/tsa/ and note that airport security folks won't be making even $70k a year).

Well, yeah, and SSL's key system is widely regarded as awful and insecure.

That's why things like certificate pinning, DANE (using DNSSEC for SSL certificates), and HSTS were invented.

> Well, yeah, and SSL's key system is widely regarded as awful and insecure.

It's not really the key system so much as the fact that the first step of trust is broken because end-users aren't directly choosing trusted root CAs; they are being chosen on behalf of the end users by third parties whose interests aren't aligned with those of the end user, and who do as much as possible to remove (or at least obscure) end-user control of that most fundamental step in the delegation of trust that underlies SSL's key system.
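Checking which roots you were handed is the step the comment above calls broken. This added Python audit (not from the thread or from any project it mentions) lists the roots your local OpenSSL trusts by default, counts expired ones and tallies issuing organisations; `own_trust_context` shows the alternative of loading only roots you chose yourself from `cafile`, a placeholder path. The sample roots are constructed.

```python
import ssl
import time

# Constructed sample in the same shape ssl.get_ca_certs() returns: two roots
# from one organisation, one of them long expired, so the audit runs offline.
CONSTRUCTED_ROOTS = [
    {"subject": ((("organizationName", "Example Root CA"),),),
     "notAfter": "Jan  1 00:00:00 2000 GMT"},
    {"subject": ((("organizationName", "Example Root CA"),),),
     "notAfter": "Jan  1 00:00:00 2099 GMT"},
]

def load_system_roots():
    """Return the root CAs Python/OpenSSL trusts by default on this machine,
    i.e. the list somebody else chose on your behalf."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()
    return ctx.get_ca_certs()  # list of dicts: subject, issuer, notAfter, ...

def _rdn_value(name, key):
    """Pull one attribute (e.g. organizationName) out of an X.509 name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def audit_roots(roots, now=None):
    """Count the roots, flag expired ones and tally organisations so the
    implicit trust delegation becomes visible."""
    now = time.time() if now is None else now
    summary = {"total": len(roots), "expired": 0, "organizations": {}}
    for cert in roots:
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            summary["expired"] += 1
        org = _rdn_value(cert.get("subject", ()), "organizationName") or "<no O>"
        summary["organizations"][org] = summary["organizations"].get(org, 0) + 1
    return summary

def own_trust_context(cafile):
    """Build a client context that trusts only the roots in cafile (your own
    choice) instead of the system list. cafile is a placeholder path you supply."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=cafile)
    return ctx

if __name__ == "__main__":
    report = audit_roots(load_system_roots())
    print(f"{report['total']} roots trusted, {report['expired']} expired")
    for org, n in sorted(report["organizations"].items()):
        print(f"{n:3d}  {org}")
```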

It's more of an example of why widely distributed, irrevocable master keys are a bad idea. In addition, it's also an example of why end-user-owned but secret master keys don't work (see DRM). The picture taken was totally not necessary to make these 3D models. You could just buy one of each of the seven lock types, and saw them open to look at the pin arrangements.

> The picture taken was totally not necessary to make these 3D models. You could just buy one of each of the seven lock types, and saw them open to look at the pin arrangements.

Is it really that simple with modern locks? I thought they had gotten good at foiling this kind of attack.

Newer locks are designed to be hard to pick. If you have complete, destructive access to the lock, there's nothing they can do.

Are you implying that the SSL CA system isn't a huge shit show? Because it is, and it's only incrementally more secure than the TSA keys.

I'm just saying that at some point you need to accept a fundamental level of insecurity. Being mad at the TSA for copying the model everyone already uses is sort of pointless until we start to provide better alternatives.

Just a story to support your point.

When I was a junior in high school, me and some buddies got into lock picking. Our goal was to be able to break into the school and explore places we weren't supposed to go. We could get in and out and no one would be the wiser.

One of my friends figured out the janitors only had two master keys they used for every lock in the school. We were able to steal one, reproduce it several times for each of the team members and get it returned without them suspecting anything. For two years, we roamed every part of the school and discovered some amazing things about our school that no one would ever know except us.

For two years we had the run of the place, then turned the keys over to another group of incoming students who were hackers like us. They did the same thing, and it went on for several years and became somewhat of an urban legend. It finally ended when one group used the keys to break in and vandalize the school. Afterwards, the locks were changed, cameras and alarms were put in, and all the fun ended.

But your point is spot on.

On hijinks: Our dorm rooms at college had a master key type system too. Your dorm key would only open your room, but the RA, college dean, and other personnel had a master key. In talking with the RA, who was a good friend, he let me and a few friends see the master key. I kid you not, the master key was just 1 tooth longer than ours. That's it, just 1 tooth, and the locks all opened up. Well, now, with that know-how and access to any paper clip, we had the run of any lock at the college. The only nefarious purpose was to yank the cable hook-ups right before the finale of some dancing show to watch the girls lose their minds. Other than that, it was used for getting into your dorm when you locked yourself out.

Our doors had master keys and core removal keys, but they also had lever handles and no weatherstripping.

A bent coat hanger and some string made for a device that could quickly and reliably open doors.

Most physical security works by perpetuating illusions.

> For two years, we roamed every part of the school and discovered some amazing things

Well, don't leave us hanging...

- We found a series of catwalks that ran above the gym. It was closed and you had a series of doors you had to go through to get there. It felt like something out of a movie.

- Passages to the roof outside the normal fire escapes.

- A bunch of underground tunnels (not steam tunnels) that ran under the school and connected to god knows where. All three tunnels ended at another set of locked double doors we couldn't seem to open with our lockpick set at the time. We think it may have been some 1940s bomb shelter or something.

- The best was being in the maintenance rooms where they fixed stuff and had some really cool tools and tons of stuff in various stages of being torn apart. We also figured out the janitors had tools to break into the combination locks that secured all of our lockers which raised a few eyebrows.

- All the outdoor storage areas. My school had four huge garages built into the side of a hill where all the sports equipment like track and field hurdles, landing mats, soccer goals and nets was kept. They contained all kinds of balls and other things that probably shouldn't be stored there, like jerseys, warm-up suits, etc. It felt like stepping back in time, since a lot of the stuff in there hadn't seen the light of day since the 1970s.

- Tons of empty storage rooms that were located throughout the school. This was the real reason we wanted to get those master keys. They just seemed completely random. Like in one hall, there were three nondescript doors. No "Maintenance Only" or "No Students Allowed" posted on them. You'd almost miss them if you didn't recognize them. Some were empty, others held trophies from the 50's and 60's. Others had boxes and boxes of financial and academic records of students from long ago. Others had political flyers and pins from the 70's and 80's.

The one thing I was really proud of is that we didn't do anything nefarious. We explored the school and never vandalized anything, and for the most part were responsible with the power we had. The several classes after us did the same thing, pushing farther and discovering even more nooks and crannies that they would share with the rest of the groups that came before them over pizza and pop at the local Pizza Hut.

When I read the books about the early hackers at MIT, exploring building 26, I finally knew what they felt like.

Underground steam pipe hallways with rats, for one. For me, it was college.

Do you know where these rats were from?

Crotobaltslavonia, originally, though they only got as big as they are now from all the radioactive waste stored down there.

They were Oklahoma rats.

In comparison, I recollect patients at a UK secure hospital being able to memorise keys at a single glance and reproduce them from memory - my colleagues had to keep their keys in leather sheaths at all times.

Also - https://www.schneier.com/blog/archives/2005/09/shoulder_surf...

Another example of why HN posting time matters https://news.ycombinator.com/item?id=10200641

I feel like what matters more (unfortunately) is that you know a bunch of people who you can get to immediately vote you up.

What might be more interesting is if HN used Facebook login and its front page ranking algorithm only counted votes from people outside your friend network.

Oh please no, do not link it to facebook.

If anything, analysis of past voting should give a clue to accounts who game the system.

I'm fairly sure that HN uses lots of manual human monitoring to make sure that good content doesn't slip through the cracks. In fact, most of the secret sauce of HN seems to be real-human intervention along with making that intervention invisible. When the mods boost up a story nobody really notices because it looks like the 'normal' way a story gets boosted. Bans aren't really public or announced, etc. And none of that is criticism, it works really damn well.

Moreover, the HN moderation explicitly 'owns' the community in the sense that it's their house and their rules, which helps because it doesn't give people a sense of entitlement about representation. (Having some experience with the matter, nothing kills you more dead than people getting entitled and demanding a 'reasonable explanation' for every decision you make. Everybody wants theirs, and it means you can't actually take any action to improve things without wading through lots of crap.)

HN does have some vote ring detection. I have no idea how effective it is.

As far as I can tell this is a completely unsolved problem. Reddit has the same issue, and now Super Mario Maker on the Wii U has the same problem. Anytime there's a plethora of content and it relies on user interaction to bubble up, a lot of good content is missed.

Bet you that the officials will double down on this through the judicial system instead of acknowledging the truth about the absurdity of having a 'secured master key'.

Call it what it is: the master keys are a backdoor :-). This should show people why backdoors are dangerous.

I printed the TSA007 key yesterday and it easily opened a TSA lock on hand.

When one can break into most zippered suitcases with a Bic pen, rezipping it so you never know I was there, what's the point of a lock?

Some locks do have alert features [0] so you should at least know it was opened. It won't stop a thief, but at least it lets you know when someone was looking. That is, if it makes it to your destination :-)

[0] http://www.amazon.com/Kolumbo-TSA-Lock-2-pack-BLACK/dp/B0106...

The comment above is saying that you can get into luggage without even touching the lock.

You just use something like a pen to break the zipper mesh. Sliding the zipper back and forth when you're done will re-zip it.

Is there such a device that you can put in your luggage that video records the contents and towards where the person opening it would be standing?

Is it illegal to record someone going through your stuff? I mean, if they are just looking through it to ensure the safety of everyone, why can't I ensure the safety of my stuff?

Be careful about wires and electronics in your bags. If it looks even the slightest bit suspicious you might find that they've detonated your luggage instead of delivering it.

Something like a GoPro should be fine though, no visible wires and it's one of the most iconic cameras these days.

Seems to me pretty much any lock can have itself picked. Isn't that the point though? If these are TSA-approved locks, I'm pretty glad they're insecure, because it'll teach fine lessons about security at a very personal level when it's breached. Perfect place to put a security lesson.

Just travel with a firearm. You are by law required to have a lock that only you have access to and a hardcase around the gun, so you can travel with cases made out of metal with hefty locks that only you can open and if TSA needs to get into them they have to get you, they can't just pry them open.

And the firearm doesn't have to be loaded, and IIRC it can even be a flare gun, if you don't want to own an actual firearm.

Flare guns in your checked luggage are actually a really good thing to do even if you aren't concerned about it. I have a friend who works at an airport and he says that protocol dictates they have to flag and keep special track of anything gunlike, and flare guns don't need any sort of licence to carry. It keeps your bags secure and makes sure your luggage gets where it is supposed to go.

Years ago I read the story of a professional photographer that used that trick to carry his (very expensive) equipment without fear that the airline would lose it.

Aha, not the original text I read, but same idea: https://www.schneier.com/blog/archives/2006/09/expensive_cam...

I was under the impression that airlines/TSA can't mark your luggage anyway, even if it contains firearms. Some airlines give you a tag, but you are supposed to put that inside your luggage. I might be wrong about this, or my info might be very old. I'm basing most of my stuff on this video: https://www.youtube.com/watch?v=KfqtYfaILHw

This is reportedly also an excellent way to make sure your baggage is not lost...

Any lock with this red logo can be unlocked with that set of keys: http://www.cargogear.com/imagelibrary/images/stclockpackb.jp...

This includes for instance pretty much any lock included with or built into luggage from Samsonite etc.

In fact, you can do it with just a ballpoint pen:


While true, this totally misses the point. Also, not all luggage uses zippers (esp. not super thin, cheap ones): https://www.thepurplestore.com/cgi-bin/product_detail.cgi?ps...


Given that a suitcase is not very solid and you are walking away with it to break open at your leisure, why does the padlock matter?

I can't say much about other countries, but I do know they're common in the UK. You often see them on combination locks, so that the TSA (or similar) don't need to know the code to open the lock.

The article links to the SNEAKEY project, which is pretty impressive. Using a photo taken from 195 feet away, they were able to duplicate physical keys by decoding their bitting code from the photo. Never stumbled across this before.


When I heard about the keys being reproduced from a photo, I assumed that the photo was taken of the keys close up.

Under these circumstances, it's an impressive feat.

The TSA key photo was taken as a close up; SNEAKEY is something different, but the same end result.

Well someone's life is about to get "interesting".

Hope they do not live in the USA.

According to their github profile, they're located in France. If they're a French citizen, then extradition to USA most likely won't happen. [1] Traveling can still get really interesting though.

[1] https://en.wikipedia.org/wiki/Extradition#Bars_to_extraditio...

This is assuming that they are indeed who their profile suggests, and they weren't in a coffee shop with no security cameras that they didn't use an untraceable transport to get to, and didn't use a VPN and Tor on an untraceable computer... or they took their cellphone with them.

Of course, they quite probably are and quite probably uploaded it from home... and hoped that any extradition wouldn't get enforced.

As far as I understand the law in France (I am French, but not a lawyer), providing these files may be slightly reprehensible because it helps to create illegal copies of the keys. But there is a strong mitigating circumstance in the fact that the TSA has been careless with its keys.

I think that the author does not risk anything in France. The spirit of the law is very different in US.

...and their camera doesn't contain dead pixels, off-colors, watermark patterns or EXIF serial numbers that only match one profile on Facebook.

Taking bets on when this gets DMCA'd out of existence.

Surely the keys are copyrighted? :)

"the functional elements of a 3D print can't be copyrighted"


The BluRay master code was too (copyrighted and attempts made to DMCA it).

I'm quite sure enough people have copies of that there's no putting this genie back in the bottle.

Like a wise man once said,

"One does not simply delete something from the internet."

I have a feeling the Streisand Effect is going to take hold pretty soon.

Wow, on a side note, I learn to love GitHub more and more. Had no idea they have STL viewers built into preview panels. Very cool.

These are not keys to get into a secure facility, they're for fucking luggage. A rusty hammer or discount $1 pliers will break these things.

Consider me not impressed.

> a rusty hammer or discount $1 pliers will break these things.

True, but with the master key you could open anyone's luggage, take something out, put something in, or just examine the contents, and then close it up with no evidence that you'd done anything.

Actually, there would be a (very) small piece of evidence.

The TSA-approved locks I have for travelling to the US have a small red ring. If the lock is opened with a TSA master key, the red ring appears; it has to be opened with its own key for the red thing to disappear.

So yeah, you'd know that someone has fiddled with your lock, little more.

Simple solution: Travel around until you get your luggage inspected, copy the notification paper they place in your luggage, place copy in any luggage you surreptitiously open, boom: TSA did it, not you.

I've never seen such a paper, but presumably it could include a date and serial number? If that doesn't match their records, TSA will know something's up.

It looks like this: http://i.stack.imgur.com/oR15I.jpg

I'm sure the TSA would be able to figure it out, but the goal would be to leave the person whose luggage it is without any reason to believe something is amiss or to bring it to the attention of the TSA in the first place.

They could, but none of the ones they've put in my luggage have ever had any kind of (visible) identification data.

I have one of those locks too, except when the TSA checked my luggage and left one of those helpful pamphlets in my bag, my lock was still green.

Sure, and if they actually wanted to be sneaky (to steal something, to plant something, etc) they could just open the zipper with a ballpoint pen as mentioned elsewhere in the comments. That surely won't leave any red rings.

Closing a split zipper is a bit difficult, but you're right. It can be done with more ease than 3D printing a TSA master key.

Setting aside 10 minutes to fully check your luggage on landing (including checking your toothpaste) might be the best spent 10 minutes of your life. However, I wonder how I should react if I indeed discovered cocaine in my bag.
