Mastodawn

Physical security and cryptography can learn from each other, part 11367:

Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.

Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.

But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.

Show thread

Matthew van Eerde Mar 27

@mattblaze I suspect there is a square-root law here, where optimum balance between the "wandering guest" threat and the "found keycard" threat is achieved by allowing elevator access to the square root of the total number of floors (your own, plus some randomly selected floors)

Show thread

robloblaw

@mvaneerde @mattblaze
The maximal security approach is for the key card to only given access to a random floor (excluding the floor the room is on).

Show thread

solo Mar 30

@robloblaw @mvaneerde @mattblaze that would still reveal a small amount of information about which floor the key belongs to

Show thread

robloblaw Apr 1

@solonovamax @mvaneerde @mattblaze
True, but an attacker may not be able to get to the elevator, due to the crowd of people at reception complaining they can't get to their rooms.

Show thread

Matthew van Eerde Apr 1

@robloblaw @solonovamax @mattblaze The free-market solution is for an entrepreneur to stand all day in the elevator with a collection of cards who will get you to your floor in exchange for signing a EULA allowing them to sell your personal information