Posted by Klaus on July 05, 2001 at 11:09:46:
In Reply to: Re: security question for magically inclined posted by Ian McColl on July 03, 2001 at 08:58:51:
Dear Ian,
Thank you for taking the time of answering my posts.
>> Explicitly I did *not* ask how to pick a lock.
>
> I know you didn't but the secret doesn't have to be even how to pick a lock,
> just knowing what can be picked is also a secret.
> As a locksmith myself successfully opened with my own tools and own method
> several particular high security locks. 7 years ago, as a trade school teacher,
> I lectured to other locksmiths on the subject and with weeks to months,
> the manufacturers had altered their locks.
If you as a crook had lectured to fellow crooks, these would not have
told the manufacturers, and maybe the police would have found rising
numbers in their burglary statistics in some Australian county, eventually.
Maybe I repeat myself, but in the domain of computing and networking
the open sharing of security deficiencies of products has resulted
in securer and more trustworthy programs. In particular 'open source'
code can hugely benefit from being checked by many people who share
their findings, not the least to the programmers.
> "security" means "peace of mind" so if you are happy with your lock
> and feel safe it's fine, most people do. if you something to fear
> from anybody other than criminals, get really difficult locks.
Well, personal feel can be quite treacherous, as one can easily
experience some massive disappointment. On a different line, an
item of value has gone missing, you suspect tampering of the lock,
but your insurance company finds no damage to the lock and furthermore
classifies your lock as being a reliable model. What a chance of putting
your reputation in jeopardy, you who did not fake the disappearance.
How does a lock work, in particular a cylinder lock?
Each of the pins is asking a question to your key,
and it only opens if all the answers are correct.
Most of the designs allow probing of the individual pins
with tools, so one does not have to cut a new key each time.
A low quality design has mechanical tolerances so one does not
need to provide a precise answer but close is close enough.
A weak design now allows one to ask these questions individually,
and you find the answer to question one, then to question two
and so on sequentially. I understand this being the essence to lock picking.
A trustworthy design makes it impossible (well, difficult I have learned)
to extract these answers piecemeal. More generally, it maximises the number
of attempts (and time in praxis) you have to make before it gives way.
One way of making a secure lock could be to completely encapsulate the
key inside the lock after insertion before the key shape is tested.
One could still feel and listen to the lock, but no longer pick it
as there would not be an open key hole after key insertion.
> Consider the locksmith that has to open a cheap padlock, fixed to a gate
> when it's 6 foot off the ground and it's raining at night.
> many handcuffs are designed to make it difficult just to get to the lock when applied the correct way.
True, but I had wanted to exclude this in concentrating on the lock mechanism.
Beyond the locking mechanism of handcuffs it is important you just cannot break
your restraints in using brute force and keeping the lock out of reach, sure.
My personal favourite for this is the cup lock cuff/shackle where cuff and
lock can be kept in separate locations. Less favoured today are restraints
which are permanently welded, soldered, riveted or glued shut, the closed one
finds in shops today are the one-way cable binders one has to cut open.
Maybe I should share a story about a prisoner who pulled off an escape from
his cell in Stuttgart City jail in 1942. Prison authorities in those times had
reintroduced the cup lock shackles. The story is told in a Ludwigsburg museum.
The prisoner had been cuffed behind his back plus one leg secured in a cup lock shackle
and the chain passed through the wall and locked outside the cell.
1) He managed to pass his handcuffed hands to the front.
2) He managed to break the comparatively flimsy handcuff chain with a
piece of metal which he found in the heel of his shoes.
3) He had tricked the door or the lock of the door so it did not close properly.
4) He was able to break the lock on the chain outside the cell.
What is interesting in this example is that actually none of the locks needed
to be picked. (1) is a problem of long arms combined with a long chain between
the cuffs, (2) is a problem of mechanically breaking the restraints helped
by some makeshift tool, (3) is as close as one gets to picking locks, as
the door was prevented from locking properly, (4a) is a design fault as once
the door was open the chain anchoring point was within his restricted reach
and (4b) is mechanical weakness of the locking bolt.
Regards
Klaus