Security experts have cloned all seven TSA master keys

Security experts have cloned all seven TSA master keys

Key escrow — the process of keeping a set of keys for yourself “just in case” — has always been the U.S. government’s modus operandi when it comes to security. From the disastrous Clipper chip to today, the government has always wanted a back door into encryption and security. That plan backfired for the TSA. The TSA, as you’ll remember, offers a set of screener-friendly locks. These locks use one of seven master keys that only the TSA can use — until 2014. In an article in The Washington Post, a reporter included a shot of all seven keys on a desk. It wasn’t long before nearly all the keys were made available for 3D printing and, last week, security researchers released the final key. At last week’s HOPE Conference in New York, hackers calling themselves DarkSim905, Johnny Xmas, and Nite 0wl explained how — and why — they cracked the TSA keys. “This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken — gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),” said Johnny Xmas. “What we’re doing here is literally cracking physical encryption, and I fear that metaphor isn’t going to be properly delivered to the public.” Read More: TechCrunch
Back to blog

Leave a comment