Home > Authentication, Dog House, Identity & Access Management, Manufacturers > They Talk About “Encryption.” They Must Be Smart!

They Talk About “Encryption.” They Must Be Smart!

from our Geeks Who Love To Poke Fun At Marketing People department

Schlage sent out this mailing recently.  Can you guess why Locksmith Mike was so



Problem #1 (simple math)

26 bit standard card format: pnnnnnnnnxxxxxxxxxxxxxxxxp

p=parity bits

n=facility code

x=card ID

65,536 possible card IDs

16,777,216 possible unique IDs if you use included the
facility code but that’s weak…

Problem #2 (the really annoying one)

Proximity isn’t encrypted. It’s just transmitting a unique ID. It is subject to man in the middle attacks, play backs, etc…

So does this mean that if I sniff their communications, I
can remotely send their unlock command by doing a play back? That would suck…

Do I want to trust a company that doesn’t understand a
simple prox card or a partial reason why the industry is moving towards smart
cards? Do I want to be the bozo who buys
a product like this thinking it’s accurate?

  1. May 23, 2007 at 1:26 pm

    Steve, this reminds me of another company who, right around Y2K, was advertising (accurately) 67 million unique codes, and guaranteeing that they would reserve the facility code portion for a specific customer. The trouble was that their readers would also read the data off “other” format cards, and as a result when this “beautiful new system” went into its first tall Manhattan building, hundreds of neighbors came to “try out” the lobby turnstiles, and many were granted access in someone else’s name! As luck would have it there was a minor security incident, and all of the access control records were deemed invalid as a result of the issue. Although technically and very narrowly they got the math right, they didn’t *really* get the math right.

  2. Mica Millbach
    May 24, 2007 at 10:55 am

    Steve, Sounds like they have found the answer to wireless security. Some say “remember the Alamo!” We in security say “remember WEP…” WEP failed because engineers designed the security protocol. Here we have guys from Marketing drawing the conclusion that 10 apples taste better than 1 orange.

  3. May 25, 2007 at 2:59 pm

    I’m glad I got your attention. Given the small amount of room on the post card mailer, I wasn’t able to detail the security aspects of the Schlage wireless access product line. My point was to address a concern of the consulting community. That’s why the Schlage wireless access products have multiple tiers of security features.
    Before I list the security features, I want to address your gripes. True, we could have chosen our words more carefully. I was trying to use standard proximity technology as a frame of reference. For the sake of this discussion, let’s use the term 26-bit data. Even if you include the parity bits, you’re talking about 67 million permutations, or 6.7 x 10(7). In most access control systems, that data is sent in raw form via Wiegand signals from the reader to the access control system with no encryption at all. Where Schlage wireless access products differ, is they 128-bit encode all transmissions such as 26-bit card data from the Schlage wireless device at the door to its respective wireless panel interface module, which is often co-located with a third-party access control panel. Simple math: 128-bit encryption provides 5 x 10(30) permutations or hundreds of trillions more combinations. However, the main point is Schlage wireless access products securely transmit card data from the door to the panel, where most wired alternatives do not. Therefore, Schlage wireless access products provide security above and beyond typical wired access control applications.
    What’s more, we also incorporated the following security features into the entire family of Schlage wireless access products:
    1) Spread spectrum RF technology was developed and used by the US military for secure communications. In 1985, it was opened up for commercial use and it serves as the basis for all wireless communications within the Schlage wireless access portfolio.
    2) There are 15 user selectable channels, and each has 65,535 unique addresses. That’s nearly a million combinations! This is the reason hundreds of wireless devices thrive in dense installations with several hundred locks installed in a single building.
    3) All transactions are initiated at the door. This is to prevent rogue personnel from intercepting and replaying RF signals to spoof the door to unlock. With this method, unauthorized attempts to unlock the door are simply ignored.
    4) Because trouble signals such as lose of communication, low battery and reader tamper are reported in real time, administrators are able to take immediate action to secure the premises. In addition, they have the ability to view digital video should the system incorporate these capabilities.
    5) Having real-time transaction reporting as an integral capability, you can also receive notifications such as unauthorized access attempts, use of a lost or stolen card, and doors propped open.
    To learn more, give us a call. We’ll be glad to meet with you to show how Schlage wireless access products can provide proven, secure, and high-value solutions to your customers.
    Best regards,
    Lester LaPierre
    Marketing Manager
    Electronic Security

  4. May 29, 2007 at 10:05 am

    Thanks for responding, Lester. I don’t buy your argument that you had limited space on the card. That’s what marketing is all about – getting the message to the right audience in whatever medium you select. You selected the medium, but didn’t nail the message.
    But with about 4000 hits on this post in 4 days, your more detailed response may have gotten the message out better than you intended.
    It’s clear you understand the technology, Les. So Maybe it’s time to hit up IR management for more marketing budget.

  5. December 28, 2009 at 11:09 am

    Sadly, many companies like this do not even make their own websites. So, you probably shouldn’t read too much into the company based on their site. Still, it clearly is at least fairly telling…

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: