this post was submitted on 12 Nov 2023
1481 points (96.1% liked)

tumblr

3436 readers
811 users here now

Welcome to /c/tumblr, a place for all your tumblr screenshots and news.

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Must be tumblr related. This one is kind of a given.

  4. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.

  5. No unnecessary negativity. Just because you don't like a thing doesn't mean that you need to spend the entire comment section complaining about said thing. Just downvote and move on.


Sister Communities:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] ed_cock@feddit.de 1 points 1 year ago* (last edited 1 year ago)

Mechanical locks CAN be designed well.

So can even the most superfluous IoT devices, though. It's just that they aren't.

they can be way more secure than any digital “smart” lock

Typical mechanical locks are fundamentally flawed. Think of it like this: They are opened by a short combination of digits, represented by the key. There is no lock-out mechanism if someone keeps trying to guess the combination, even if they try many per second and there is no user-friendly way of resetting the combination if it has been compromised.

The tolerances, even in good locks, have to be high enough to enable attackers to guess the combination digit by digit, not as a whole, significantly reducing the time needed to guess it. You can try to mitigate this a little with special pins and weird key ways, but it's ultimately a necessity, otherwise the lock would constantly fail to open or even break.

When you have a master-keyed system, the digits represented by the master key (the root password, essentially) will always be lower or equal to any non-master key you find. This, too, can be exploited, allowing an attacker to safely derive a master key from any other key in the system.

Also, keys can be reproduced from photographs. That alone is a disastrous flaw. Just imagine the CVEs that would be written about the flaws above, and the manufacturer's response. "But you need skills for that" is never an excuse in the digital realm, it shouldn't be in the analog either.

Meanwhile a well-implemented digital lock has all the important components on the other side of the door, exposing only a contactless card reader to interact with. The cards or tokens aren't dumb data storage, they support public/private authentication, meaning they can not be copied by someone walking up to you with a high-powered reader. There is no port to connect to, no pins to jiggle, just a dumb NFC reader that you can't even open non-destructively.