I read with great interest Matt Blaze's paper,
"Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks"
It is always difficult to be sure that an attack is completely novel in the sense of not having previously been discovered independently; the lack of a coherent and open body of literature on locks makes it especially so. In this case, several correspondents have suggested that similar approaches to master key reverse engineering have been discovered and used illicitly in the past. However, there do not appear to be references to this particular attack in the written literature of either the locksmith or underground communities.
I was able to supply him with two references to earlier descriptions of the attack, in one case 15 years ago.
2.2.2 The Attack
For each pin position, p from 1 to P , prepare H - 1 test keys cut with the change key bitting at every position except position p. At position p, cut each of the H -1 keys with each of the possible bitting heights excluding the bitting of the change key at that position. Attempt to operate the lock with each of these test keys, and record which keys operate the lock.
With the following item from (note 1987)
From firstname.lastname@example.org (Doug Gwyn) 12-Nov-1987 17:36:05
Subj:  Re: mastered systems
"Obtain one extra key blank per pin column (7 for the typical institutional Best lock); duplicate the operating key except for one column on the blanks, omitting a different column on each blank. Then, for each blank, try it with the omitted column cut to number 0 (high), then 1, then 2, ... and record which bittings open the lock. That tells you what the splits are in that column. The whole set of trials tells you what all the splits are in all columns."
And similar (note 1994)
From: email@example.com (Jay Hennigan)
Subject: Master key hacking Was:Re: Legality of picks...
Date: 9 Feb 1994 20:53:13 -0800
If you have a "change" (industry term for normal non-master) key and the lock that it fits, as a guest in a hotel would, as well as a number of blanks, you can do the following: Cut a key identical to your key, but with the first pin position uncut or a "0" cut. Try it in the lock. If it works go on to step 2. If not, take the first pin down one depth using a key gauge or micrometer (or a Le Gard or other code cutting machine). Try it again until the key works. When you hit the depth of the cut on your original key, it should obviously work, as the keys should be identical. If so, continue going deeper. You are likely to find a depth on the first pin _in addition_ to the one on your key that opens the lock. If not, then cut another blank with the first position identical to yours, and the second one at the top or "0" cut.
Step 2: Repeat as above with the next pin position.
The object is to find the cut at each pin position that is different from the single-lock key you have, but still opens the lock. This will be the master key bitting. Having two different keys (and locks) from two different areas of the masterkeyed system will make things a bit easier, as you'll have a way of cross checking, especially if there are more than two breaks in some pins. This exercise, if you're precise, and lucky, can take as few as 5 or 6 key blanks. At most, a dozen. No real skill in picking or impressioning is needed. [... rest of article snipped]
Update: There's some interesting commentary on Dave Farber's IP list:
Donald Eastlake commentary:
Bob McClure commentary:
Matt Blaze reply message, "Keep it secret, stupid!":
And a thread on the newsgroup alt.security.alarms
There's also discussion with postings from Matt Blaze himself,