Matt Blaze21h ago

Physical security and cryptography can learn from each other, part 11367:

Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.

Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.

But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.

Show threadMatt Blaze21h ago
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms_per_floor|), a much more feasible search space.
Show threadᴮᵉⁿ ᴿᵒʸᶜᵉVOTE IN THE PRIMARIES19h ago

@mattblaze

the solution is for the hotel itself to drop keycards around the hotel and in the surrounding area

then when that honeypot keycard is used on the elevator it takes the potential burglar to the basement where a burly guy named Steve is waiting for them with a grin

Show threadPete / Syllopsium
@benroyce @mattblaze It's a funny idea, but as I'm sure you'll know this isn't like dropping your file/USB stick, it's not unlikely a customer will misplace their card and then 'miraculously find it again' in the surrounding area, as that's what they walked past
10:42amWeb
Show threadᴮᵉⁿ ᴿᵒʸᶜᵉVOTE IN THE PRIMARIES8h ago

@syllopsium @mattblaze

well if i was being serious, the burly guy in the basement would have been named Bob

Show threadPete / Syllopsium8h ago
@benroyce @mattblaze Well, yeah, Steve is just too nice, isn't he?