Never Buy a Cheap Safe (and kleptography)

A German TV program (don’t worry, there are subtitles) examines cheap safes and points out why they aren’t safe. Vividly. This shouldn’t be news to most of you, but the video is nevertheless worth keeping in your back pocket… “Friends don’t let friends buy cheap safes.”

The advice given in the video (check for a security certification label) is not bad if you’re trying to keep out Joe Burglar. Better yet is consulting your insurance company as to their requirements. Asking your safe dealer if it has a glass relocker is also a decent litmus test, if you’re OK with paying four figures and buying something several times your body weight.

(Glass generally means a safe isn’t crap. Tempered glass was one of the defining innovations in the safe designer’s war against drills… without it, only “hard plate,” which is relatively hard to manufacture and work, can keep the safe intact for long.

That’s why even high-end safes from the 1900s, which pre-date tempered glass and hard plate, won’t last five minutes against a modern attacker. The drill goes through them like the proverbial hot knife and butter.)

Kleptography: The Internet Engineering Task Force is treating the NSA like damage and trying to route around it. The first draft proposal of security considerations they’d like to take into account at the March 2014 meeting is out,[1] and it’s worth reading… if only for its use of the term ‘kleptography,’ which describes cryptography engineered for easy data theft.

Nevertheless, it seems there may be something of a “Stasi problem” here… Posting to the public cypherpunks@cpunks.org list, John Young suggests (without further elaboration) that the person who wrote the document maintains ties with the “men-in-black.”[2] Now, Young himself is, given his position and by his own repeated admission, almost certainly compromised on some level by someone by now, so it’s worth waiting on more definite proof before casting judgment.

Yet I’m reminded of the “Stasi problem.” After the wall fell, a plan was found in the Stasi archives to essentially keep going, and covertly get themselves elected into power and thereby keep control. (As it happens, the contract to clean the floors in the Stasi/MfS archives was awarded to the lowest bidder, a company staffed, as it turns out, wholly by ex-Stasi/MfS personnel.)

Or perhaps that should be the “Putin problem” — upon election as prime minister, Putin addressed an FSB party with the words, “Dear comrades, I would like to announce to you that the group of FSB agents that you sent to work undercover in the government has accomplished the first part of its mission.”[3]

[1] http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt

[2]
> “Phil’s background as Verisign’s principal designer is well-known, and so are his design efforts in ‘certificates, cert crypto and secure dns’. Lesser known are his friendships with the ‘men-in-black’.”

[3] http://www.themoscowtimes.com/news/article/putin-made-good-on-promise-to-fsb/302401.html
