Physical security and cryptography can learn from each other, part 11367:
-
@mattblaze I suspect there is a square-root law here, where optimum balance between the "wandering guest" threat and the "found keycard" threat is achieved by allowing elevator access to the square root of the total number of floors (your own, plus some randomly selected floors)
@mvaneerde @mattblaze
The maximal security approach is for the key card to only given access to a random floor (excluding the floor the room is on). -
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms-per-floor), a much more feasible search space.
@mattblaze I've also seen some hotel elevators where you swipe your keycard and it selects the correct floor for you, removing the O(floors) component.
-
@mattblaze I've also seen some hotel elevators where you swipe your keycard and it selects the correct floor for you, removing the O(floors) component.
@th @mattblaze yeah i encountered that recently in germany and was just like ????????????? why
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze OK but: I forget my room number sometimes, they do not always ask to see the ID before they give me my room number. They mostly ask for my first name only.
I once left the key card in my room, mixed up the digits and got a replacement card for the wrong room
-
@mattblaze I suspect there is a square-root law here, where optimum balance between the "wandering guest" threat and the "found keycard" threat is achieved by allowing elevator access to the square root of the total number of floors (your own, plus some randomly selected floors)
@mvaneerde @mattblaze not counting the reception floor, the wellness floor, the restaurant floor, and the garage floor, of course
-
@th @mattblaze yeah i encountered that recently in germany and was just like ????????????? why
@ariadne @th @mattblaze What if you wanted to have a drink at the rooftop bar before going to your room?
-
@ariadne @th @mattblaze What if you wanted to have a drink at the rooftop bar before going to your room?
@rhelune @th @mattblaze exactly
-
Practical advice: Put your hotel room key in a different pocket than the holder. (The paper holder has your room number on it.)
@JeffGrigg @print @canacar @mattblaze Take a photo of the paper sleeve, leave it in the room. I always know which room is mine by the "do not disturb" hanger, additionally, the thief is less likely to try such a room.
-
@ariadne @th @mattblaze What if you wanted to have a drink at the rooftop bar before going to your room?
@rhelune
Oh, no hotel will restrict access to a bar. They're always free floors.
@ariadne @th @mattblaze -
@rhelune
Oh, no hotel will restrict access to a bar. They're always free floors.
@ariadne @th @mattblaze@hypostase @ariadne @th @mattblaze Yes but you do not want to be taken to the wrong floor just because you swiped your keycard. If the lift acted that way, I would suspect a prank (or worse): https://youtu.be/1Un_oHaf798
-
@hypostase @ariadne @th @mattblaze Yes but you do not want to be taken to the wrong floor just because you swiped your keycard. If the lift acted that way, I would suspect a prank (or worse): https://youtu.be/1Un_oHaf798
@rhelune
I was almost expecting the Scotsmen.
@ariadne @th @mattblaze -
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze what if typing a wrong floor bring the elevator to the security reception that thank you for bringing a lot keycard ?
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze a moot point as anytime I have misplaced a room key I have gotten a new card at the front desk with very little effort.
-
the solution is for the hotel itself to drop keycards around the hotel and in the surrounding area
then when that honeypot keycard is used on the elevator it takes the potential burglar to the basement where a burly guy named Steve is waiting for them with a grin
@benroyce @mattblaze It's a funny idea, but as I'm sure you'll know this isn't like dropping your file/USB stick, it's not unlikely a customer will misplace their card and then 'miraculously find it again' in the surrounding area, as that's what they walked past
-
@mattblaze I enjoy the idea, but are you sure they don't print the room number for security reasons? I was under the impression it was because they reprogrammed them when they gave them to you
@mfdeakin @mattblaze It's easy enough to decide. Are hotels interested in security or in cost? If the room number was on the key, it's extra cost to manufacture, it's extra cost because you'd need twice as many to allow for losses, it's extra cost because you'd need racks to store them, it's extra cost because reception would have to sort returned keys
So instead of having the room number on the key, it's quickly handwritten on the card folder, and you'd never lose that with the key
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze "Let's align this cheese slice with this other cheese slice."-infosec
-
@ariadne @th @mattblaze What if you wanted to have a drink at the rooftop bar before going to your room?
@rhelune Also annoying if you are staying at a hotel with a group of friends (e.g. for an event). Then you cannot easily go to their floor and have to always meet in the lobby.
EDIT: OK I am an idiot, @mattblaze already covered this exact point! 🤪
>… harder for guests to visit their friends on other floors…
-
@print @JeffGrigg @canacar @mattblaze I've seen worse than not remembering which room you were in. On a trip to southern France, I had to get up early on my final day to get to the airport. I took a cab. As I was about to get in some shirtless British guy, obviously up all night, was asking for help - he couldn't remember where his hotel was (and probably not its name either), and was quite rude when the driver couldn't help. I mentioned a map at the train station (if only to get rid of him)
@canacar Friends were drunk and we saw them get into a taxi on the other side of the street from the hotel. Five minutes later, they were dropped off at the hotel by the taxi driver, who’d taken them around a few blocks.
-
@mattblaze I enjoy the idea, but are you sure they don't print the room number for security reasons? I was under the impression it was because they reprogrammed them when they gave them to you
@mfdeakin @mattblaze
They don't print the room number because they don't have a printer for the cards. (And there's probably a policy against marker pens on stationary orders, for this reason.) -
@rhelune Also annoying if you are staying at a hotel with a group of friends (e.g. for an event). Then you cannot easily go to their floor and have to always meet in the lobby.
EDIT: OK I am an idiot, @mattblaze already covered this exact point! 🤪
>… harder for guests to visit their friends on other floors…
@ruari @rhelune @ariadne @th @mattblaze
Hotels don't want guests visiting each other's rooms. They want guests meeting each other profitably in the bar. (Also make it easier to charge the prostitutes their ground rent.)
