Generating code numbers for padlock keys
John Schutkeker
Does anyone know if padlock manufacturers use a mathematical algorithm to
hash the depths of a key's teeth into the code numbers stamped on the keys?
Or did the manufacturers generate the hash table with an irreproducible
method, like the machine that generates the winning numbers for the evening
lottery, and then just use the table?
I'm only thinking of Master padlocks, here, since they're the most
commonplace, with what looks like a fairly simple hash function to map one
four digit number into another four digit number. I've seen another system
that maps the key cut of a a four pin padlock into a string of six
characters, containing five digits and one letter, but I don't want to get
involved with that method, yet.
Billy B. Edwards Jr.
random numbers selected continuously to select the next combination
chosen from a standard table. See the link for an example of the only
commercial program I am aware of for this.
BBE.
http://www.locksoft.com/slg.htm
John Schutkeker
news:3EEB40D6...@thelockman.com:
> It's a little better than that.
> See the link for an example of the only
> commercial program I am aware of for this.
> http://www.locksoft.com/slg.htm
I've seen this kind of software before, but the vendors never give any
information about exactly how the program works, because then you could
write your own program, and you wouldn't need to buy theirs. There's no
indication whether an actual pseudo-random number generator is involved, or
if the software just automates the same actions locksmiths take to get the
key cuts, ie. looking them up in a table that is stored verbatim in memory.
> Typically such lists are based upon
> random numbers selected continuously to select the next combination
> chosen from a standard table.
It sounds like you're saying that they encode the data twice - once to
generate the "standard table" and a second time to index into that table.
And it sounds like you said the second of the two encryptions uses a
pseudo-random number generator (PRNG).
If true, this is a process known as "superencipherment" by cryptographers,
in which you encode data a second time that has already been encoded once,
but with a different algorithm. Do you know which specific PRNG they use
to index into the standard table, and how was the table generated in the
first place? Did they use another PRNG or a different method?
The most common PRNG is a linear algorithm modulo n, which is
y = (ax + b) mod n,
where a and b are the cryptographic "keys," not to be confused with the key
to the lock, and n is the maximum cut integer, which would be 9999 in a
four pin lock with ten possible depths for each cut.
If the data were only enciphered once, a linear PRNG would be the obvious
way to do it, but I'm pretty sure that applying a linear PRNG twice in a
row would be the no different from doing it just once. So, assuming that
the process is entirely mathematical, and doesn't involve something
equivalent to picking numbers from a hat, there must be a second algorithm
used to generate the table.
The two that suggest themselves are a polynomial PRNG similar to the linear
one above, of which the quadratic method is the simplest, ie.
y = (a*x^2 + b*x +c) mod n,
but you could use any order polynomial less than n, in increasing order of
complexity, although if there were n cryptographic keys, the situation
would be no different from using some mechanical method that couldn't be
reproduced mathematically, like the winning number generator for the
lottery that I mentioned before.
Since the PRNG I mentioned above would be an implementation of a
substitution cipher, the other method that suggests itself is a
transposition cipher, where you simply shuffle the four digits according to
some arrangement specified beforehand.
When there are only four digits, a transposition cipher that shuffles them
would be the next thing to trivial, and I can't imagine they're using
something quite that primitive.
Do you know whether any of these ideas I've proposed are on the right
track, or is their PRNG something more complex than the modulo n
polynomial, which I have never been exposed to.
Also, do you know whether the digits are encrypted separately or as a four
digit number? And do you know how they handle the question of cut integers
that are almost certainly in a number base less than base ten, and what is
that base, for Master padlocks?
Since it involves both locksmithing and cryptography, this looks like a
very interesting problem to me, and I'd dearly love to study as many of the
technical specifics as are commonly known among practitioners.
Jim Gaynor
adjacent pinnings cannot (should not) deviate by more that a ceratin number
of bitting steps. Also certain codes such as 5-5-5-5-5 or N - N+1 - N+2 -
N+3 - N+4 could be problematical and would have to be filtered out of any
true random number generator.
"John Schutkeker" <jschu...@cs.com> wrote in message
news:Xns939AAC7E7EC38...@205.188.138.161...
Henry E Schaffer
John Schutkeker <jschu...@cs.com> wrote:
>Does anyone know if padlock manufacturers use a mathematical algorithm to
>hash the depths of a key's teeth into the code numbers stamped on the keys?
>Or did the manufacturers generate the hash table with an irreproducible
>method, like the machine that generates the winning numbers for the evening
>lottery, and then just use the table?
Lock manufacturers have an incentive to avoid using any method which
would allow deriving the key cuts from the "code number" which can be
seen by people you want to keep out. The serial number or code number
visible on the lock shouldn't allow deriving the key cuts - or else the
lock would provide impaired security.
In the old days it was common to stamp the actual key cut depths *on
the key*. (That's a particularly simple algorithm. :-)
>I'm only thinking of Master padlocks, here, since they're the most
>commonplace, with what looks like a fairly simple hash function to map one
>four digit number into another four digit number. I've seen another system
>that maps the key cut of a a four pin padlock into a string of six
>characters, containing five digits and one letter, but I don't want to get
>involved with that method, yet.
If you have the key, then you don't need to decode the code numbers.
By the way, I don't think that the SKD List generator from Locksoft
http://www.locksoft.com/slg.htm does what you are asking about. It
produces a list of key cut-depths - and can list them in scrambled
order. With such a list, one could use the codes 1, 2, 3, 4, 5, etc. to
label keys.
--
--henry schaffer
h...@ncsu.edu
Stavros Jones
news:vLMGa.9444$gs5.4...@news4.srv.hcvlny.cv.net:
> i believe there may also be some mechanical considerations such as two
> adjacent pinnings cannot (should not) deviate by more that a ceratin
> number of bitting steps. Also certain codes such as 5-5-5-5-5 or N -
> N+1 - N+2 - N+3 - N+4 could be problematical and would have to be
> filtered out of any true random number generator.
I agree, and your examples follow logically from the one I gave, where all
teeth cut to the minimum depth. I am assuming that these are eliminated at
the last stage by deleting all unsatisfactory bittings according to yet
another table, which would contain all the unacceptable patterns.
It isn't too much of a stretch to suppose that it's done this way, since
all of the unacceptable patterns would be generated exactly the same way
you and I just did it, by inspection. The technical staff would look at
the problem and say "Wait a minute, we can't have any keys with this
particular shape. That would be completely stupid." So they'd just
generate a list of all the patterns that they could think of that would
fall into that category, and eliminate them at the last stage.
But I have seen some pretty weak key bittings. I'm just an occasional
dabbler, but I once saw a five pin key cut to 2-2-4-4-4, which seems weaker
than one should normally want. But then, it was on a door which was left
open all the time, anyhow...
However, there's no reason to delete them from the master table, especially
if it's presented as a two dimensional array when it's published in booklet
form. Remembering that tooth integers are probably in a base less than
base ten means that the 2-D array would have almost as many empty spaces in
it as data, which would be totally unacceptable. So it might not even be
possible to present the data in 2-D form, and they might have to fall back
onto a linear array, where the gaps from deleted bittings would just be
discarded.
Can anybody that's actually seen the table tell me whether it's printed as
a 1-D or a 2-D array, and if it has empty slots in it?
And if they are indeed using a mathematical method to generate the codes,
there would be no reason not to publish every possible code value, even the
ones that are never used. They'd just have to have some way to insure that
padlocks with the unacceptable bittings were never manufactured, which
would be implemented on the factory floor, not at the printer's shop.
However, I would like very much to find someone who knows for certain at
least some of the details about the algorithm that is used, since I can
think of so many ways in which it *might* be implemented. The whole
locksmithing profession is rife with rumors, folklore, and even bogus
mythology. You and I could be *way* off in our hypotheses, and never even
know it. Just because the linear PRNG modulo N is the most commonly used
PRNG, and the most famous, that doesn't have any bearing on which method
the directors at Master Lock chose to use. Who knows what kind of
convoluted system a creative engineer might dream up?
I still maintain that, as opposed to a pseudo-RNG, the best encryption
method is the *true* random number generator, which is very well
implemented by the machine that generates the evening's lottery numbers
every day on NBC before Jeopardy. They might have built a machine similar
to that one in the company's distant past, run it once to generate the
master table of key code mappings, and then forever after used the table
generated as the master table from which all others were copied.
That machine would be the cryptographer's equivalent of the "one time pad"
algorithm, and is commonly known to be uncrackable, since the numbers are
not generated mathematically. If that's what they've done, then my hope of
finding the cryptographic keys to the hash function would be a waste of
time.
Stavros Jones
news:bcg6t2$h74$1...@hes01.unity.ncsu.edu:
> John Schutkeker <jschu...@cs.com> wrote:
>>Does anyone know if padlock manufacturers use a mathematical algorithm
>>to hash the depths of a key's teeth into the code numbers stamped on
>>the keys? Or did the manufacturers generate the hash table with an
>>irreproducible method, like the machine that generates the winning
>>numbers for the evening lottery, and then just use the table?
> Lock manufacturers have an incentive to avoid using any method which
> would allow deriving the key cuts from the "code number" which can be
> seen by people you want to keep out. The serial number or code number
> visible on the lock shouldn't allow deriving the key cuts - or else
> the lock would provide impaired security.
That's true, however the problem of creating a reliable random number
generator is a notoriously difficult one in cryptography, and it's
compounded by the fact that it's much more efficient (ie. it's cheaper) for
the manufacturer to automate the process of generating the code numbers for
the keys. This was true in the days before computers, which can do such
table look-ups trivially, became so commonplace, so the algorithm would
have to be one that you could implement mechanically. You can't do table
lookups with the gears and levers of pre-1988 machine tools.
Furthermore, the idea of using a machine that generates truly random
numbers, like the one that generates the lottery results every evening
before Jeopardy, might strike most mathematically and mechanically inclined
people as being inelegant. Conceptually, it is no different from pulling
little slips of paper out of a hat, the ultimate in inelegance, although
the mixing is much more reliable.
Practically, there's really no difference at all between the concept of
having all the data in tabular form, for which booklets are available on
the open market, and having an equation. A crook can just as easily use
the tables to make keys for nefarious purposes as he can use an equation.
So the tables of code mappings that they print are just as big a security
flaw than the equation would be. If I wanted to commit crimes, I'd just go
across town to the local locksmith's supply house and buy the code book,
and at least one of our local locksmiths seems to think that this is what
crooks do.
So describing the mathematics of how those numbers are generated creates no
greater security flaw that was already built into the system through the
code books.
> In the old days it was common to stamp the actual key cut depths *on
> the key*. (That's a particularly simple algorithm. :-)
Another possible algorithm that they might use is also extremely primitive.
You could hash the digits individually, using a linear PRNG modulo N, where
N=10, four times consecutively for a four pin lock. How's that for stone
age?
>>I'm only thinking of Master padlocks, here, since they're the most
>>commonplace, with what looks like a fairly simple hash function to map
>>one four digit number into another four digit number. I've seen
>>another system that maps the key cut of a a four pin padlock into a
>>string of six characters, containing five digits and one letter, but I
>>don't want to get involved with that method, yet.
> If you have the key, then you don't need to decode the code numbers.
That's rather myopic, and I sincerely hope it's not the limit of your
vision. This is not about getting a key copied; this is about solving an
extremely interesting mathematical puzzle - one that bridges the two very
stimulating and cutting-edge fields of locksmithing and cryptology.
About thirty years ago, a famous escape artist named Jim Steranko, the
person on whom the heroes in the Pulitzer winning book "The Amazing
Adventures of Kavalier and Clay" was based, started writing a book called
Iron Puzzles, where he planned to publish all his secrets. (Steranko's
partner, incidentally, was a locksmith named Paolini.) Unfortunately
Steranko never published his magnum opus, even though he advertised it for
sale in his magazine, Mediascene.
My interest in solving this problem is exactly the same as Steranko's. I
just see them as really cool, mechanical puzzles to be deciphered, like the
Gordian Knot.
Ralph A. Schmid, DK5RAS
>Practically, there's really no difference at all between the concept of
>having all the data in tabular form, for which booklets are available on
>the open market, and having an equation. A crook can just as easily use
>the tables to make keys for nefarious purposes as he can use an equation.
>
>So the tables of code mappings that they print are just as big a security
>flaw than the equation would be. If I wanted to commit crimes, I'd just go
>across town to the local locksmith's supply house and buy the code book,
>and at least one of our local locksmiths seems to think that this is what
>crooks do.
This is exactly what I do not understand - how is it possible that
these code books even do exist?? Here in germany those books are not
common, standard cheap locks and keys simply do not have any numbers,
and the high security keys only can be duplicated in the factory,
together with a security card proviong the right to order them.
regards - Ralph
--
Want to get in touch? http://www.radio-link.net/whereisralph.txt
Ralph A. Schmid, DK5RAS
>My interest in solving this problem is exactly the same as Steranko's. I
>just see them as really cool, mechanical puzzles to be deciphered, like the
>Gordian Knot.
Ages ago this was solved with a sword; nowadays it is done with a
drill :))
Richard Phillips
magicians' periodical, Genii. This is vol29 #2, October 1964. It was
written when Steranko was still a young man, but he had already gained a
wealth of knowledge and performing experience. Much of what is in this issue
is still usable.
Richard Phillips
--
Remove 'xspam' to reply to:
rphil...@btinternet.com
"Locks & Keys", the collector's newsletter
3 issues pa, £10
"Stavros Jones" <e...@joes.com> wrote in message
news:Xns939AF2CDCFBCA...@205.188.138.161...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.487 / Virus Database: 286 - Release Date: 01/06/03
Stavros Jones
news:hk9oev4slnc8oi6ls...@4ax.com:
>>Practically, there's really no difference at all between the concept
>>of having all the data in tabular form, for which booklets are
>>available on the open market, and having an equation. A crook can
>>just as easily use the tables to make keys for nefarious purposes as
>>he can use an equation.
>>So the tables of code mappings that they print are just as big a
>>security flaw than the equation would be. If I wanted to commit
>>crimes, I'd just go across town to the local locksmith's supply house
>>and buy the code book, and at least one of our local locksmiths seems
>>to think that this is what crooks do.
> This is exactly what I do not understand - how is it possible that
> these code books even do exist?? Here in germany those books are not
> common, standard cheap locks and keys simply do not have any numbers,
> and the high security keys only can be duplicated in the factory,
> together with a security card proviong the right to order them.
We obviously do things differently in the US. We even have different laws
in different states. In New York, which has a much more extensive
experience with crime, only licensed locksmiths were allowed to buy items
like code books and picks. And of course, the license is issued by the
state, requires passing a detailed, technical test and swearing an oath of
honesty. But in Michigan, where I live now, you just drive over to the
supplier and buy the stuff. We even have a couple of "spy shops," where
you can buy picks and how-to books over the counter.
If you couldn't get the code books at a locksmith supplier, there'd be no
way for a locksmith to do his job, but your security is obviously a little
tighter in Germany. It seems patently stupid to me to have to send away to
the factory, just to get a stupid key made. Fer cryin' out loud, it's a
one dollar job.
I honestly doubt the utility of the code numbers, anyhow, since I've never
seen or heard of anyone using them. If you need a new key, you go to a
hardware store, and they cut it for you. If you lose the key, you cut the
hasp and buy a new lock, since they're only $5. Nobody writes down the key
codes and saves them in a file cabinet. It just isn't done.
Stavros Jones
>>My interest in solving this problem is exactly the same as Steranko's.
>> I just see them as really cool, mechanical puzzles to be deciphered,
>>like the Gordian Knot.
> Ages ago this was solved with a sword; nowadays it is done with a
> drill :))
IMHO, Alexander cheated when he cut open the Gordian Knot, and this story
really says something about history unreasonably lionizes the people it
selects as great men.
If somebody handed me a lock cylinder and told me that there was a $5000
reward for the man who could pick it, and I smashed it open with a sledge
hammer. Nobody would think that I had solved the puzzle or won the prize.
Why does Alexander get a free pass? Just because he won a lot of wars?
Gimmee a break!
Ralph A. Schmid, DK5RAS
>We obviously do things differently in the US. We even have different laws
>in different states. In New York, which has a much more extensive
>experience with crime, only licensed locksmiths were allowed to buy items
>like code books and picks. And of course, the license is issued by the
>state, requires passing a detailed, technical test and swearing an oath of
>honesty. But in Michigan, where I live now, you just drive over to the
>supplier and buy the stuff. We even have a couple of "spy shops," where
>you can buy picks and how-to books over the counter.
In germany locksmiting is not regulated by special laws.
>If you couldn't get the code books at a locksmith supplier, there'd be no
>way for a locksmith to do his job, but your security is obviously a little
>tighter in Germany. It seems patently stupid to me to have to send away to
>the factory, just to get a stupid key made. Fer cryin' out loud, it's a
>one dollar job.
It is the opposite, handing out no blanks makes the security much
tighter than in the US. It is almost impossible to produce
unauthorized keys here. And when high security lock manufacturers
allow some special trained shops to cut keys this is only possible for
keys and locks which where sold exactly from this single shop, and the
keyways usually differ fromt the factory keyway to prevent the
locksmith from making unauthorized dupes, or from being stolen. I
woiuld dislike the thought that all data of my high security keys are
kept in a small shop, and someone could steal them or could pay the
locksmith some extra $$$ to close both eyes and make a key without my
authorization.
>I honestly doubt the utility of the code numbers, anyhow, since I've never
>seen or heard of anyone using them. If you need a new key, you go to a
>hardware store, and they cut it for you. If you lose the key, you cut the
>hasp and buy a new lock, since they're only $5. Nobody writes down the key
>codes and saves them in a file cabinet. It just isn't done.
The same here in germany, but only for the cheap locks, and these even
do not have a number imprinted. But nowadays more and more better
locks are in use; more difficult to pick, and more difficult to get
unauthorized keys for!
Ralph A. Schmid, DK5RAS
>IMHO, Alexander cheated when he cut open the Gordian Knot, and this story
>really says something about history unreasonably lionizes the people it
>selects as great men.
>
>If somebody handed me a lock cylinder and told me that there was a $5000
>reward for the man who could pick it, and I smashed it open with a sledge
>hammer. Nobody would think that I had solved the puzzle or won the prize.
>
>Why does Alexander get a free pass? Just because he won a lot of wars?
>Gimmee a break!
I have no idea. But who knows today what storys are true, and what is
just a fake?
Henry E Schaffer
Stavros Jones <e...@joes.com> wrote:
>h...@hes01.unity.ncsu.edu (Henry E Schaffer) wrote in
>news:bcg6t2$h74$1...@hes01.unity.ncsu.edu:
>
>> John Schutkeker <jschu...@cs.com> wrote:
>
>>>Does anyone know if padlock manufacturers use a mathematical algorithm
>>>to hash the depths of a key's teeth into the code numbers stamped on
>>>the keys? Or did the manufacturers generate the hash table with an
>>>irreproducible method, like the machine that generates the winning
>>>numbers for the evening lottery, and then just use the table?
>
>> Lock manufacturers have an incentive to avoid using any method which
>> would allow deriving the key cuts from the "code number" which can be
>> seen by people you want to keep out. The serial number or code number
>> visible on the lock shouldn't allow deriving the key cuts - or else
>> the lock would provide impaired security.
>
>That's true, however the problem of creating a reliable random number
>generator is a notoriously difficult one in cryptography, and it's
>compounded by the fact that it's much more efficient (ie. it's cheaper) for
>the manufacturer to automate the process of generating the code numbers for
>the keys. This was true in the days before computers, which can do such
>table look-ups trivially, became so commonplace, so the algorithm would
>have to be one that you could implement mechanically. You can't do table
>lookups with the gears and levers of pre-1988 machine tools.
I think you are greatly overestimating the difficulty of this task.
The situation with respect to locks is *very* much different than with
cryptography.
The lock manufacturer has no problem in generating a list of "key
codes" (= pin heights for a cylinder) - using rules such as maximum
adjacent difference, etc. Then the manufacturer may want to manufacture
these in some "randomish" order (i.e., not sequentially) and possibly to
identify them with a "code" (label identifying the "key code"). Even a
rather primitive randomizer will be pretty good because not much data
will be available for anyone to "crack" this.
With encryption one can get fairly large amounts of encrypted text to
use in cracking. But with locks, one typically has that one lock - or
perhaps just a few - to use. (Analogy - monoalphabetic substitution is
a very primitive encryption method - yet if I tell you that the
encrypted output is "a", you won't have the slightest idea of the clear
text input which produced this.
> ...
>Practically, there's really no difference at all between the concept of
>having all the data in tabular form, for which booklets are available on
>the open market, and having an equation. A crook can just as easily use
>the tables to make keys for nefarious purposes as he can use an equation.
Practically there is an enormous difference.
First of all the booklets are not available on the open market. The
legitimate sellers (locksmith suppliers) will not sell these to people
without locksmith ID, and then they are fairly expensive. Some other
outlets (e.g. e-Bay) don't deal in these. I'm sure that there are many
illegal sellers, but it is hard to find them and there may be risks
involved. Hardly the same as "available on the open market."o
An equation can, and would be circulated widely and would be easily
available to all and without cost. This is a qualitatively different
situation than a booklet.
>So the tables of code mappings that they print are just as big a security
>flaw than the equation would be. If I wanted to commit crimes, I'd just go
>across town to the local locksmith's supply house and buy the code book,
>and at least one of our local locksmiths seems to think that this is what
>crooks do.
I'm sure that some of this happens. But have you actually tried to go
across town and see what code books cost, how many would be needed, and
if they would sell them to you? Why don't you try this as an
experiment for a group of code books such as HPC's "General Code Book
Set, Padlock Code Books and Foreigh Code Book?
Let us know what they would cost, and whether they would sell them to
you.
>So describing the mathematics of how those numbers are generated creates no
>greater security flaw that was already built into the system through the
>code books.
I think I've explained that this is not the case.
>> In the old days it was common to stamp the actual key cut depths *on
>> the key*. (That's a particularly simple algorithm. :-)
>
>Another possible algorithm that they might use is also extremely primitive.
>You could hash the digits individually, using a linear PRNG modulo N, where
>N=10, four times consecutively for a four pin lock. How's that for stone
>age?
Why do anything? Given the key with the depths stamped on them makes
it easier to read them than to measure the depths. (It takes less than
1 minute to measure 5 or 6 depths.) If the digits in the key code are
hashed/encrypted - it would probably be easier and faster to simply
measure the depths than to decrypt a code.
> ...
>> If you have the key, then you don't need to decode the code numbers.
>
>That's rather myopic, and I sincerely hope it's not the limit of your
>vision.
Why do you want to make a problem more difficult than it needs to be?
>This is not about getting a key copied; this is about solving an
>extremely interesting mathematical puzzle - one that bridges the two very
>stimulating and cutting-edge fields of locksmithing and cryptology.
It may not be interesting at all. If the codes are chosen in some
kind of haphazard mish-mash way - then the problem is not only
uninteresting but pretty much unsolvable.
> ...
>My interest in solving this problem is exactly the same as Steranko's. I
>just see them as really cool, mechanical puzzles to be deciphered, like the
>Gordian Knot.
IMHO you haven't demonstrated that it is much of a cool puzzle.
--
--henry schaffer
h...@ncsu.edu
Billy B. Edwards Jr.
realize that the codes for Master padlocks were originated in 1931 when
they started making the 4 pin padlocks. Up until that time they had
only made warded locks.
In 1931 they didn't have a computer and the code listings were created
by hand. In such instances a standard progression list was made and
then one of two options taken for pulling them from that list and making
the permanent code list. One was to cut up the paper list and put it in
a hat so-to-speak and then pull them out at random. The other was to
put the list on a wall somewhere and play darts. Both methods are
essentially uncrackable.
As for the Locksoft program, I wrote the specification for it and did
some of the debugging. I am not a programmer, but my specification
resulted in a code listing that matches the pull it from a hat result.
There are rule sets in the program that are set by the user for the
number of pins, the number of positions that may be the same side by
side or in total, the maximum difference that must be present in each
combination, how many positions must have a difference, the MACS and the
sequence of progression. On top of that, the key bitting array may be
altered by the user in a couple of ways in that they can rearrange the
numbers in it and they can eliminate some numbers if they want to. The
user may also select if they want the listing scrambled or not and if
they want blind reference codes or not.
The program create a table list via numerical progression and then
creates another table from that one using a random number generator to
select a different random number for each number selected from the first
table. Once that is completed, the process is repeated from the second
table to the third table and then a list is printed from that table.
In my opinion it can produce an uncrackable list and you can take the
exact same parameters to produce a listing on the same computer at a
different time or on a different computer at the same time and the
resulting lists will always be different, I know because I tried it.
BBE.
Stavros Jones
> In germany locksmiting is not regulated by special laws.
I guess that it makes sense that German engineers would realize that very
few people write down the code numbers on their keys, so there's no reason
to waste time stamping them, and to notice that for high security
applications, access to duplicate keys has to be tightly controlled.
All we do over here is stamp "Do Not Duplicate" on our keys, which can be
defeated simply by covering the words with a piece of masking tape. But
over here, most of our amateur locksmiths come from the better engineering
schools, and they know better than to break the law.
Guys like me just do it for fun, cause it's cooler than doing crossword
puzzles.
>>It seems patently stupid to me to have to
>>send away to the factory, just to get a stupid key made. Fer cryin'
>>out loud, it's a one dollar job.
> handing out no blanks makes the security much tighter than in the US.
I'm surprised that an enterprising businessman doesn't start a company
making the restricted blanks, since there would be a lot of pent-up demand
for them. After all, the keyway is an exact template for the blank, so it
shouldn't be too hard to reverse engineer the blanks from a single
cylinder. Total cost - $10.
> I would dislike the thought that all data of my high security keys are
> kept in a small shop, and someone could steal them or could pay the
> locksmith some extra $$$ to close both eyes and make a key without my
> authorization.
I am unceasingly amazed at how jealously American locksmiths guard their
secrets. I have tried many times to pry information out of them, and have
very rarely succeeded. I think that they realize that they can be fired
for dishonesty, or sued, just the same as anybody else, and that with a bad
reputation, they might never work again.
And whose shop could be more secure against thefts than a locksmiths? They
really have a very secretive guild over here.
> The same here in germany, but only for the cheap locks, and these even
> do not have a number imprinted. But nowadays more and more better
> locks are in use; more difficult to pick, and more difficult to get
> unauthorized keys for!
I've actually had good luck picking Master padlocks, which out our most
important manufacturer. That is kind of a shame, since they're so common.
There's a serious flaw in the keyway design, and the very top of it is
straight, when it should be angled slightly. That allows the intruder to
hold his picks straight, instead of at an angle, which would make them more
prone to jamming in the keyway.
But I was completely unsuccessful with an off-brand lock I bought at Sears,
which I think it might have been German, to boot.
I may be wrong, but I think I've successfully picked every 4-pin Master
padlock I've ever tried, although that's only 2 or 3 units. In my old job
I got shouted at for opening a garage door, where my office was, just so I
could let in the beautiful weather outside. That was because they were
trying to save on air conditioning bills. But it was my freakin' office!
When I did that, one of my buddies just quietly said "Jeez, you're
powerful."
Stavros Jones
>>IMHO, Alexander cheated when he cut open the Gordian Knot, and this
>>story really says something about history unreasonably lionizes the
>>people it selects as great men.
>>Why does Alexander get a free pass? Just because he won a lot of
>>wars? Gimmee a break!
> I have no idea. But who knows today what storys are true, and what is
> just a fake?
I can't see any reason to suppose that this story is fake. Why do you
think it might be?
Ralph A. Schmid, DK5RAS
>I'm surprised that an enterprising businessman doesn't start a company
>making the restricted blanks, since there would be a lot of pent-up demand
>for them. After all, the keyway is an exact template for the blank, so it
>shouldn't be too hard to reverse engineer the blanks from a single
>cylinder. Total cost - $10.
This is one of the things that _are_ regulated by law; but nothing
special for locksmithing, just patent laws. This makes it illegal to
dupe these blanks to sell them.
>I am unceasingly amazed at how jealously American locksmiths guard their
>secrets. I have tried many times to pry information out of them, and have
>very rarely succeeded. I think that they realize that they can be fired
>for dishonesty, or sued, just the same as anybody else, and that with a bad
>reputation, they might never work again.
Yes, in most cases here it is absolutely the same, but I guess there
are black sheep now and there.
Roger Shoaf
But
> over here, most of our amateur locksmiths come from the better engineering
> schools, and they know better than to break the law.
>
Where do you get this kind of information?
--
Roger Shoaf
If you are not part of the solution, you are not dissolved in the solvent.
Billy B. Edwards Jr.
Stavros Jones wrote:
<snip>
> All we do over here is stamp "Do Not Duplicate" on our keys, which can
> be defeated simply by covering the words with a piece of masking tape.
There are many patented systems available in the US.
> But over here, most of our amateur locksmiths come from the better
> engineering schools, and they know better than to break the law.
I disagree, most of them come from Popular Mechanics, those classified
ads in the back. They take the course and then just don't go into
business because it isn't as easy as the advertising says it is.
<snip>
> I'm surprised that an enterprising businessman doesn't start a company
> making the restricted blanks, since there would be a lot of pent-up
> demand for them. After all, the keyway is an exact template for the
> blank, so it shouldn't be too hard to reverse engineer the blanks from
> a single cylinder. Total cost - $10.
Maybe the enterprising businessman doesn't want to spend his time in
court as the result of making patent protected keys. I hope you don't
honestly believe it would only cost $10 to reverse engineer a key blank
and produce it.
BBE.
Henry E Schaffer
Stavros Jones <e...@joes.com> wrote:
>"Ralph A. Schmid, DK5RAS" <nos...@radio-link.net> wrote in
>news:gsapevsheqasdrna9...@4ax.com:
>> handing out no blanks makes the security much tighter than in the US.
>
>I'm surprised that an enterprising businessman doesn't start a company
>making the restricted blanks, since there would be a lot of pent-up demand
>for them. After all, the keyway is an exact template for the blank, so it
>shouldn't be too hard to reverse engineer the blanks from a single
>cylinder. Total cost - $10.
You are right that it isn't hard to make blanks from scratch. Not
only are the keyways easily accessible, but so are cut keys. Making new
blanks on a milling machine (one at a time) is easy - and $10 each is
probably in the right neighborhood.
But if an enterprising businessman does this - and perhaps uses mass
production to greatly lower the per blank cost - how does he get the
word out to prospective buyers while keeping it a secret from the lock
manufacturers (who have patents etc. legal protection) and the law
enforcement authorities?
I.e., these could be sold on the black market - but that greatly
decreases potential volume - and still leaves open the possibility of
being caught.
So there is a major risk to this enterprising businessman - I'm not
sure how much he would have to charge to compensate him for this risk.
>> I would dislike the thought that all data of my high security keys are
>> kept in a small shop, and someone could steal them or could pay the
>> locksmith some extra $$$ to close both eyes and make a key without my
>> authorization.
>
>I am unceasingly amazed at how jealously American locksmiths guard their
>secrets. I have tried many times to pry information out of them, and have
>very rarely succeeded.
You can easily succeed if they judge that the information you want is
sufficiently general as to not pose a tangible security risk. (Well,
some are a bit more paranoid and won't talk about anything!)
> ...
--
--henry schaffer
h...@ncsu.edu
Steve001968
>From: "Ralph A. Schmid, DK5RAS" nos...@radio-link.net
>Date: 6/15/2003 3:59 AM Eastern Daylight Time
>Message-id: <hk9oev4slnc8oi6ls...@4ax.com>
>
>Stavros Jones <e...@joes.com> wrote:
>
>>Practically, there's really no difference at all between the concept of
>>having all the data in tabular form, for which booklets are available on
>>the open market, and having an equation. A crook can just as easily use
>>the tables to make keys for nefarious purposes as he can use an equation.
>>
>>So the tables of code mappings that they print are just as big a security
>>flaw than the equation would be. If I wanted to commit crimes, I'd just go
>>across town to the local locksmith's supply house and buy the code book,
>>and at least one of our local locksmiths seems to think that this is what
>>crooks do.
>
>This is exactly what I do not understand - how is it possible that
>these code books even do exist??
With regard to key codes in general: For convenience convenience often
undermines security and vice versa.
>Here in germany those books are not
>common, standard cheap locks and keys simply do not have any numbers,
>and the high security keys only can be duplicated in the factory,
>together with a security card proviong the right to order them.
With regard to the numbers stamped on keys themselves this is not a huge
security flaw. Someone with access to the key already knows the biting. Even an
inexperienced person could quickly teach themselves to read the biting at a
glance of a particular key with a little practice and depth and space info.
Given a little more time (10 - 20 seconds) they could simply make a trace of
it. Even w/o a key machine they could file a key to match in no time. As far as
"the high security keys only can be duplicated in the factory" Lockmasters now
sells a duplicator which can create the side milling and duplicate many of the
high security keys. Page 9 of 2003 Volume 1. Expensive? I'm sure it is (they
don't list a price). I'm sure other suppliers sell this or comparable machines
as well. The point is if someone with access to a key wants a dup bad enough
they will get it.
Remove "NOSPAM" from e-mail adress to reply.
Think guns in the right hands don't save lives and prevent crime? Please check
this link. There are thousands of examples with sources and dates.
http://www.nraila.org/ArmedCitizen.asp
Steve
Steve001968
>From: "Ralph A. Schmid, DK5RAS" nos...@radio-link.net
>Message-id: <gsapevsheqasdrna9...@4ax.com>
>
>Stavros Jones <e...@joes.com> wrote:
>
>>We obviously do things differently in the US. We even have different laws
>>in different states. In New York, which has a much more extensive
>>experience with crime, only licensed locksmiths were allowed to buy items
>>like code books and picks. And of course, the license is issued by the
>>state, requires passing a detailed, technical test and swearing an oath of
>>honesty. But in Michigan, where I live now, you just drive over to the
>>supplier and buy the stuff. We even have a couple of "spy shops," where
>>you can buy picks and how-to books over the counter.
>
>In germany locksmiting is not regulated by special laws.
>
>>If you couldn't get the code books at a locksmith supplier, there'd be no
>>way for a locksmith to do his job, but your security is obviously a little
>>tighter in Germany. It seems patently stupid to me to have to send away to
>>the factory, just to get a stupid key made. Fer cryin' out loud, it's a
>>one dollar job.
>
>It is the opposite, handing out no blanks makes the security much
>tighter than in the US. It is almost impossible to produce
>unauthorized keys here. And when high security lock manufacturers
>allow some special trained shops to cut keys this is only possible for
>keys and locks which where sold exactly from this single shop, and the
>keyways usually differ fromt the factory keyway to prevent the
>locksmith from making unauthorized dupes, or from being stolen.
This is fine and well for security. But it isn't very convenient. It's a
tradeoff. What happens when the single shop able to cut your keys goes out of
buisiness?
Here in the US people have either option. If convenience is more important go
with a non restricted keyway. If security is more important go the restricted
keyway route.
I
>woiuld dislike the thought that all data of my high security keys are
>kept in a small shop, and someone could steal them or could pay the
>locksmith some extra $$$ to close both eyes and make a key without my
>authorization.
Well whomever cuts/duplicates your keys has to have the blanks and knows the
biting. Unless you are going to have your own personal keyway and cut all your
own keys (possible and/or practical for the locksmith, not many others though)
then you have to trust someone.
>>I honestly doubt the utility of the code numbers, anyhow, since I've never
>>seen or heard of anyone using them. If you need a new key, you go to a
>>hardware store, and they cut it for you. If you lose the key, you cut the
>>hasp and buy a new lock, since they're only $5. Nobody writes down the key
>
>>codes and saves them in a file cabinet. It just isn't done.
>
>The same here in germany, but only for the cheap locks, and these even
>do not have a number imprinted. But nowadays more and more better
>locks are in use; more difficult to pick, and more difficult to get
>unauthorized keys for!
Or authorized keys. Which brings us straight back to convenience vs security.
Steve001968
>Date: 6/15/2003 10:26 PM Eastern Daylight Time
>Message-id: <Xns939BE3E98FA1B...@205.188.138.161>
>I'm surprised that an enterprising businessman doesn't start a company
>making the restricted blanks, since there would be a lot of pent-up demand
>for them. After all, the keyway is an exact template for the blank, so it
>shouldn't be too hard to reverse engineer the blanks from a single
>cylinder. Total cost - $10.
The keyways are generally patented. There are key machines which will mill the
side warding on the blanks, also a job any good machinist can do.
Steve001968
>Message-id: <Xns939B85610E69B...@205.188.138.161>
He likely "won a lot of wars" because of initiative and a good ability to
quickly strategize and solve problems. When I first started in this business I
tried to pick every lock that I needed to open. It didn't take long to realize
what a waste of time that was. In the real world efficiently solving problems
is key.
Steve001968
>Message-id: <Xns939BE427131FC...@205.188.138.161>
There are contradicting versions of this tale. Here is one:
http://www.livius.org/aj-al/alexander/alexander_t06.html
Roger Shoaf
"Henry E Schaffer" <h...@hes01.unity.ncsu.edu> wrote in message
news:bcn5kf$3rv$1...@hes01.unity.ncsu.edu...
>
> You are right that it isn't hard to make blanks from scratch. Not
> only are the keyways easily accessible, but so are cut keys. Making new
> blanks on a milling machine (one at a time) is easy - and $10 each is
> probably in the right neighborhood.
Have you ever tried it? Usually if someone has a milling machine the
minimum you can buy their time for is $20 (for someone with the machine in
his garage, a lot more for a pro.) an hour. When you consider exactly what
has to go into the process and the tooling required no way could you get
into the $10 ballpark.
Joe Kesselman (yclept Keshlam)
> I am unceasingly amazed at how jealously American locksmiths guard their
> secrets.
There's this little issue of responsibility, whether it comes to legal
liability or not. I've taught some things to some friends. There are
other friends whom I wouldn't teach because I didn't want to be
responsible for their doing something clever-but-stupid and getting
themselves in trouble. There are some things which I won't teach because
the world doesn't really need many more people doing them, and making
folks who want the knowledge _work_ for it is a useful and practical
filter (if they don't care enough to make the effort, they probably
don't care enough for it to matter.)
If you're willing to approach pros on a professional level, you can get
them to treat you with as much respect as you treat them. But it takes
paying your dues -- in time and in money -- to get there.
> really have a very secretive guild over here.
I sometimes wish it _was_ a Guild in the old sense, just to formalize
some of the above.
> I've actually had good luck picking Master padlocks, which out our most
> important manufacturer. That is kind of a shame, since they're so common.
They're common because they're cheap and durable, and sufficiently
secure for 90% of the common applications. How much security do you
really expect for $5?
Beware of boasting, though. Last time I said "Oh, it's a Master? I'll
have it open in five minutes" it happened to be one of the samples where
the error was all in the same direction and it did *not* want to open.
The gods love watching us make fools of ourselves.
--
Joe Kesselman, http://www.lovesong.com/people/keshlam/
{} ASCII Ribbon Campaign | "may'ron DaroQbe'chugh vaj bIrIQbej" --
/\ Stamp out HTML mail! | "Put down the squeezebox & nobody gets hurt."
John Schutkeker
>>I'm surprised that an enterprising businessman doesn't start a company
>>making the restricted blanks, since there would be a lot of pent-up
>>demand for them. After all, the keyway is an exact template for the
>>blank, so it shouldn't be too hard to reverse engineer the blanks from
>>a single cylinder. Total cost - $10.
> This is one of the things that _are_ regulated by law; but nothing
> special for locksmithing, just patent laws. This makes it illegal to
> dupe these blanks to sell them.
German patent laws certainly are different from American. Over here, a
subtle change to a well known design is considered too trivial to allow a
new patent. And our laws expire after seventeen years, which isn't really
a very long time, when you stop to think about it.
--
Jones!
John Schutkeker
news:10557922...@jaguar.syix.com:
> Where do you get this kind of information?
I went to MIT, so I'm in that category. We used to get word about CalTech
people doing the same stuff we were doing, even though there was no
crosstalk.
And Blaze just mentioned it in that paper everyone is bitching about in the
Schneier thread.
--
Jones!
John Schutkeker
news:3EEE4900...@thelockman.com:
>> All we do over here is stamp "Do Not Duplicate" on our keys, which can
>> be defeated simply by covering the words with a piece of masking tape.
> There are many patented systems available in the US.
Not simple pin-tumbler. What you're talking about is extremely obscure.
I've been to many, many lockmith shops and never seen a Sargent-Keso or a
magnetic pin-tumbler. Medeco is the only meaningful modified pin tumbler
that isn't either ubiquitous or obscure.
--
Jones!
John Schutkeker
>> But over here, most of our amateur locksmiths come from the better
>> engineering schools, and they know better than to break the law.
> I disagree, most of them come from Popular Mechanics, those classified
> ads in the back. They take the course and then just don't go into
> business because it isn't as easy as the advertising says it is.
I'm just parroting what Blaze said in the paper everyone is bitching about
in the Schneier thread. Plus I went to MIT. How much does Popular
Mechanics charge for locksmithing training manuals, and can I get the HPC
key code books through them?
--
Jones!
John Schutkeker
> But if an enterprising businessman does this - and perhaps uses mass
> production to greatly lower the per blank cost - how does he get the
> word out to prospective buyers while keeping it a secret from the lock
> manufacturers (who have patents etc. legal protection) and the law
> enforcement authorities?
The German guy said that there no laws regarding who can buy what parts,
and that all the enforcement is employed by means of the company guarding
being unwilling to release the blanks.
And it's amazing to me that something so trivial as changing a blank to fit
a different keyway can be patented. There are Himalayan mountains of prior
art.
> You can easily succeed if they judge that the information you want is
> sufficiently general as to not pose a tangible security risk. (Well,
> some are a bit more paranoid and won't talk about anything!)
If you show them you know the game, they'll treat you with respect. And if
you start telling them good secrets, their natural tendency is to tell you
theirs.
However, the most interesting question is "how do I defeat system X," which
has a huuuuge security risk. I still haven't found a locksmith who will
let me photocopy the Master Lock pages from his HPC manual, even though I'm
doing the cryptography, and not trying to break into people's gym lockers
to steal their wallets.
I've gotten to the point where I'm willing to swear whatever oath of
honesty the state requires for licensing, just because I'm so frustrated.
As the president said in 1974, "I am not a crook."
Besides 4-pin Masters be reliably picked just a few minutes, because the
keyway has a serious design flaw. Sears padlocks are infinitely more pick
resistant than Masters.
--
Jones!
John Schutkeker
> Have you ever tried it? Usually if someone has a milling machine the
> minimum you can buy their time for is $20 (for someone with the
> machine in his garage, a lot more for a pro.) an hour. When you
> consider exactly what has to go into the process and the tooling
> required no way could you get into the $10 ballpark.
I should have guessed that someone would see through my $10 exaggeration.
But nonetheless, I still maintain that there's enough market there to make
a fruitful business opportunity. Assuming, that is, that you aren't locked
out by patent laws or other laws.
--
Jones!
John Schutkeker
news:3eefb...@news1.prserv.net:
>> really have a very secretive guild over here.
> I sometimes wish it _was_ a Guild in the old sense, just to formalize
> some of the above.
How do you mean?
> Beware of boasting, though. Last time I said "Oh, it's a Master? I'll
> have it open in five minutes" it happened to be one of the samples
> where the error was all in the same direction and it did *not* want to
> open. The gods love watching us make fools of ourselves.
I can't argue with that, and boasting is a bad habit of mine, which I got
from my dad. But so far I'm batting a thousand on Masters - three out of
three, although nobody knows better than me that you're only as good as
your last conquest.
Does anybody know how to gaffe or rap a Master?
--
Jones!
John Schutkeker
news:20030617101652...@mb-m18.aol.com:
> He likely "won a lot of wars" because of initiative and a good ability
> to quickly strategize and solve problems. When I first started in this
> business I tried to pick every lock that I needed to open. It didn't
> take long to realize what a waste of time that was. In the real world
> efficiently solving problems is key.
But in the world of overachievers, like Alexander, finding or inventing an
unsolved or undiscovered problem is the true path to the treasure of
Indiana Jones' - fortune and glory.
But no matter how you slice it, untying a knot with a sword is breaking the
rules of puzzle solving. It's like looking up a scrabble word in the
dictionary before you decide to put down your tiles.
I'm an amateur and a hobbyist, and I do this for recreation, not profit.
You're a professional, and the fun aspect of the business is probably
behind you by now. Our motivations are direct opposites.
--
Jones!
Joe Kesselman (yclept Keshlam)
> subtle change to a well known design is considered too trivial to allow a
> new patent.
There is something in US law known as a design patent, which is
essentially a copyright on subtleties of a physical object (protecting a
specific instantiation rather than a concept). This can be used to
protect styling details, and your proposed "subtle change" might or
might not qualify.
(Homework: It's also worth looking up what "Registered US Patent Office"
really means.)
Joe Kesselman (yclept Keshlam)
> I've gotten to the point where I'm willing to swear whatever oath of
> honesty the state requires for licensing, just because I'm so frustrated.
Given what code books cost, it isn't surprising that folks are reluctant
to let you photocopy them. Besides, that would be over the line for fair
use, and thus a copyright violation.
If you want it badly enough, invest in getting it legitimately.
If it isn't worth that much to you, move on to another project.
> As the president said in 1974, "I am not a crook."
That particular example doesn't exactly support the argument.
--
Joe Kesselman, http://www.lovesong.com/people/keshlam/
O. R. K. Security Systems -- Full Service, Part Time
John Schutkeker
news:20030617101906...@mb-m18.aol.com:
> http://www.livius.org/aj-al/alexander/alexander_t06.html
<< Most authors tell the story that Alexander finding himself unable to
untie the knot, the ends of which were secretly twisted round and folded up
within it, cut it asunder with his sword. But Aristobulus tells us it was
easy for him to undo it, by only pulling the pin out of the pole, to which
the yoke was tied, and afterwards drawing off the yoke itself from below.
>>
This is the solution of a Zen Master!
Does anybody the whereabouts of a picture of the knot, and how it was held
up by the pin and the yoke?
--
Jones!
Ralph A. Schmid, DK5RAS
>German patent laws certainly are different from American. Over here, a
>subtle change to a well known design is considered too trivial to allow a
>new patent. And our laws expire after seventeen years, which isn't really
>a very long time, when you stop to think about it.
Here the span is AFAIK 20 or 25 years, still not very long for a
masterkey system. But it seems that there is some agreement that even
blanks for older systems are not freely available. One company (CES)
managed to develop blanks looking like their logo when you have a look
at the tip of the key; this trick gave even longer protection...
Ralph A. Schmid, DK5RAS
> You are right that it isn't hard to make blanks from scratch. Not
>only are the keyways easily accessible, but so are cut keys. Making new
>blanks on a milling machine (one at a time) is easy - and $10 each is
>probably in the right neighborhood.
> But if an enterprising businessman does this - and perhaps uses mass
>production to greatly lower the per blank cost - how does he get the
>word out to prospective buyers while keeping it a secret from the lock
>manufacturers (who have patents etc. legal protection) and the law
>enforcement authorities?
I would sell them from a country where this is legal and/or where no
one cares :) Like it is done with many "grey" stuff...
Ralph A. Schmid, DK5RAS
>The German guy said that there no laws regarding who can buy what parts,
>and that all the enforcement is employed by means of the company guarding
>being unwilling to release the blanks.
>
>And it's amazing to me that something so trivial as changing a blank to fit
>a different keyway can be patented. There are Himalayan mountains of prior
>art.
Yes, this is strange; but it seems to work. Even for locks with a
simple blank like Keso2000 (www.keso.ch) there are no blanks freely
available, and this one is just a piece of metal, some mm * some mm,
no special shape, just the milled holes...but without the scurity card
you will not get a key.
Ralph A. Schmid, DK5RAS
>This is fine and well for security. But it isn't very convenient. It's a
>tradeoff. What happens when the single shop able to cut your keys goes out of
>buisiness?
I do not exactly know, but for sure the company finds a way to produce
the keys diretly for you, or they give the "keyway licence" to another
shop in your area. In germany everything is regulated, so there _must_
be a workaround for this.
>Here in the US people have either option. If convenience is more important go
>with a non restricted keyway. If security is more important go the restricted
>keyway route.
Similar here...
>Well whomever cuts/duplicates your keys has to have the blanks and knows the
>biting. Unless you are going to have your own personal keyway and cut all your
>own keys (possible and/or practical for the locksmith, not many others though)
>then you have to trust someone.
But the factory is far from my home, a large complex with security
standards like the "Deutsche Bank", and the data is held there
anonymous, just numbers and the cuts, no names. Often only the shop
who sold the locks knows the name, and if you tell him a wrong name,
or no name at all and pay him cash?
>Or authorized keys. Which brings us straight back to convenience vs security.
Well, I take my security card and go to the next shop, and if it is
"his" keyway he simply cuts the key, if it is a factory keyway, then
he orders the key. I like the second option more... :)
Ralph A. Schmid, DK5RAS
>With regard to the numbers stamped on keys themselves this is not a huge
>security flaw. Someone with access to the key already knows the biting. Even an
>inexperienced person could quickly teach themselves to read the biting at a
>glance of a particular key with a little practice and depth and space info.
>Given a little more time (10 - 20 seconds) they could simply make a trace of
>it. Even w/o a key machine they could file a key to match in no time. As far as
This is why I always say, standard pin tumbler locks are insecure by
themselves, regardless how key duplication is handled.
>"the high security keys only can be duplicated in the factory" Lockmasters now
>sells a duplicator which can create the side milling and duplicate many of the
>high security keys. Page 9 of 2003 Volume 1. Expensive? I'm sure it is (they
>don't list a price). I'm sure other suppliers sell this or comparable machines
>as well. The point is if someone with access to a key wants a dup bad enough
>they will get it.
But do they sell this to everyone, or only to approved and certified
shops?
Henry E Schaffer
John Schutkeker <jschu...@cs.com> wrote:
>h...@hes01.unity.ncsu.edu (Henry E Schaffer) wrote in
>news:bcn5kf$3rv$1...@hes01.unity.ncsu.edu:
>
>> But if an enterprising businessman does this - and perhaps uses mass
>> production to greatly lower the per blank cost - how does he get the
>> word out to prospective buyers while keeping it a secret from the lock
>> manufacturers (who have patents etc. legal protection) and the law
>> enforcement authorities?
>
>The German guy said that there no laws regarding who can buy what parts,
>and that all the enforcement is employed by means of the company guarding
>being unwilling to release the blanks.
I was thinking about US law. (I don't know anything about German
law.)
>And it's amazing to me that something so trivial as changing a blank to fit
>a different keyway can be patented. There are Himalayan mountains of prior
>art.
Are you aware of "design patents"? (There are many different types of
patents. For example one can patent a day lilly!)
> ...
>However, the most interesting question is "how do I defeat system X," which
>has a huuuuge security risk. I still haven't found a locksmith who will
>let me photocopy the Master Lock pages from his HPC manual,
There are two aspects to this:
1) the security risk you mention, and
2) copyright violation (also "I paid for this - I don't want to give it
away.")
>even though I'm doing the cryptography, and not trying to break into
>people's gym lockers to steal their wallets.
I believe you - but I'm sure that a lot of other people will make that
claim and not be telling the truth.
>I've gotten to the point where I'm willing to swear whatever oath of
>honesty the state requires for licensing, just because I'm so frustrated.
>As the president said in 1974, "I am not a crook."
If you get a license (or other appropriate locksmithing credentials)
then you become part of the "in group" and will be treated differently
than someone with no credentials.
Billy B. Edwards Jr.
Peaks, Primus, Everest, Pyramid, Lori L10, ASSA and Master Lock's ML
Series just to name a few. All simple pin tumblers for rekeying and
they all have patent protection.
BBE.
Billy B. Edwards Jr.
at MIT. The ads in the back of PM are for training courses, and yes.
BBE.
Joe Kesselman (yclept Keshlam)
> Playing around with college dorm systems
MIT's amateurs are playing with more than the dorms. Still:
> does not a locksmith make
I agree. However, the best of these amateurs are reasonably competent in
a subset of the craft -- skilled apprentice level, perhaps. (The worst
are butchers, but that's true everywhere.)
--
Joe Kesselman, http://www.lovesong.com/people/keshlam/
Joe Kesselman (yclept Keshlam)
> Does anybody know how to gaffe or rap a Master?
If they do, they probably aren't going to post instructions here. See
the FAQ for a discussion of why.
Joe Kesselman (yclept Keshlam)
> Does anybody the whereabouts of a picture of the knot, and how it was held
> up by the pin and the yoke?
There are multiple classical paintings. None from the original. Imagine
your own...
One story has it that the rope had been laid back into itself; you'd
have to find the splice point and tease that apart before you could
untie it.
There's something to be said for unasking the question. There's also
something to be said for recognizing a rigged game and not playing.
There's also something to be said for having the humility to admit that
you don't know.
Henry E Schaffer
Roger Shoaf <sh...@nospamsyix.com> wrote:
>"Henry E Schaffer" <h...@hes01.unity.ncsu.edu> wrote in message
>news:bcn5kf$3rv$1...@hes01.unity.ncsu.edu...
>> You are right that it isn't hard to make blanks from scratch. Not
>> only are the keyways easily accessible, but so are cut keys. Making new
>> blanks on a milling machine (one at a time) is easy - and $10 each is
>> probably in the right neighborhood.
>
>Have you ever tried it? Usually if someone has a milling machine the
>minimum you can buy their time for is $20 (for someone with the machine in
>his garage, a lot more for a pro.) an hour. When you consider exactly what
>has to go into the process and the tooling required no way could you get
>into the $10 ballpark.
I have a small milling machine, and I have milled pieces of steel. I
haven't milled a flat piece of brass or nickel silver into the cross
section of a key. But the metal should mill more easily than steel -
and that's good because one would have to use rather small mills.
Unfortunately I don't have any of that small size (of any shape) so I
can't do a test project. But the amount of work looks to be small. The
keys I have in my pocket would require 1 or 2 passes of a mill on each
side - each pass being about 1 1/2" long - that's to cut the millings.
The preparation of the blank means one pass (with a large mill) to cut
to thickness if that is not already available, and one pass to cut to
height.
All in all, it wouldn't take long - and most of the time would be in
set up. The cost of materials is small. So even if one couldn't get
one blank made for $10, one probably could get 10 made for $100 (or less
if one used a CNC mill.)
--
--henry schaffer
h...@ncsu.edu
John Schutkeker
You claim that the code is a one-time pad, but since you won't send me the
photocopies to prove it, all you have is a cynical opinion. Since you and
I both think that this system will be weak, if it exists at all, you have
to start with the simplest method and proceed to more complex ones.
I've eliminated mono-alphabetic, which superset that contains XOR and
digit-wise addition mod n. All that's left are poly-alphabetic and linear
mod n, based on the whole dataset. Those can easily be eliminated, too.
John Schutkeker
> If they do, they probably aren't going to post instructions here. See
> the FAQ for a discussion of why.
Now that I know it's in the FAQ, it's obvious why. If this group isn't for
swapping secrets, what is it for, flaming?
Incidentally, rapping is a uniquely useless method for opening padlocks. I
tried using a hammer on a Master s-series padlock, and all I managed to do
was flatten the side of the case. The three series may be more amenable,
since the case is sturdier.
It looks to me like the spring is so strong you'd need a baseball bat to
hit it hard enough, but that won't work when the lock is attached to a
hasp.
d...@tanj.com
> steve...@aol.comNOSPAM (Steve001968) wrote:
>
>>"the high security keys only can be duplicated in the factory" Lockmasters now
>>sells a duplicator which can create the side milling and duplicate many of the
>>high security keys. Page 9 of 2003 Volume 1. Expensive? I'm sure it is (they
>>don't list a price). I'm sure other suppliers sell this or comparable machines
>>as well. The point is if someone with access to a key wants a dup bad enough
>>they will get it.
>
> But do they sell this to everyone, or only to approved and certified
> shops?
>
> regards - Ralph
Like most things that are security related, this has a flaw.
What happens to the code books and restricted keyways and special machines
when the owner dies or goes out of business? There is nothing to keep
them off the open market.
I speak from experience, having purchased a lot of materials used.
Some was from friends and aquaintances, some was bought on e-bay,
some was bought from people on this group this group.
Restricting the purchase is a good start, but it does not ensure that
the materials are going to stay in certified shops.
Daniel
Joe Kesselman (yclept Keshlam)
> Now that I know it's in the FAQ, it's obvious why. If this group isn't for
> swapping secrets, what is it for, flaming?
Swapping non-secrets; there's a lot of locksmithing which can be
usefully discussed without getting into excessively sensitive material.
Unfortunately, since Endless September rolled around, the concepts of
"secrets" and "newsgroups" no longer go together very well.
If you want to flame, feel free, but the FAQ really does sum up the
arguments on boths sides pretty darned well.
John Schutkeker
>> Now that I know it's in the FAQ, it's obvious why. If this group
>> isn't for swapping secrets, what is it for, flaming?
> Swapping non-secrets;
Are you a locksmith?
John Schutkeker
> MIT's amateurs are playing with more than the dorms. Still:
> > does not a locksmith make
> I agree. However, the best of these amateurs are reasonably competent in
> a subset of the craft -- skilled apprentice level, perhaps. (The worst
> are butchers, but that's true everywhere.)
I never pretended to be anything more than an amateur, and you can't become
anything more without investing in a lot of expensive equipment. But as an
MIT guy, you might guess that I'm smart enough not to get into B&E. All I
ever said I like to do is solve puzzles, as is summed up by the title of
Steranko's book that almost was. Right now, the puzzle of interest is to
investigate the overlap of key codes and simple crypto algorithms.
The best thing about this racket is that it's a great way to impress
chicks. Although not a very good opening line, mentioning that you know
how to shim ratchet cuffs is sure to get their attention.
But you guys are a bunch of sticks in the mud, and suspicious ones at that.
Incidentally, do you guys have to swear an oath in order to get your
licenses?
--
Jones!
Joe Kesselman (yclept Keshlam)
> But as an
> MIT guy, you might guess that I'm smart enough not to get into B&E.
I'm an MIT grad myself (if you're a hacker, you may recognize my user
ID), and I'm afraid that doesn't necessarily follow. Smart doesn't
necessarily imply wise. There _have_ been student thefts on campus in
the past. And even folks who are basically honest aren't always
thoughtful/careful enough to avoid getting themselves in trouble.
There were some fellow students I would teach, some I wouldn't for their
own sake, and some whom I *knew* I didn't want responsibility for.
> But you guys are a bunch of sticks in the mud, and suspicious ones at that.
No, we're suspicious, and that makes us come across as sticks in the mud
to some who want it all immediately and on a platter.
Cultivate patience and persistance, young one; you will not achieve
mastery without these attributes.
> Incidentally, do you guys have to swear an oath in order to get your
> licenses?
I think there's a FAQ entry on the topic of licences too. The basic
answer on that topic is It Depends.
Joe Kesselman (yclept Keshlam)
> Are you a locksmith?
I'd consider myself a journeyman; there are many things I don't know (I
do almost no auto work, for example), and a sufficient number that I do.
I've occasionally published tips in trade journals; haven't published a
full article as yet. Basically, I've been "paying my dues" for decades,
though I haven't been exercising the skills as much recently.
I'm not currently licensed, since as far as I know my area doesn't
require it. I am carrying a performance bond. And I keep meaning to get
into the town clerk's office and file an official doing-business-as, but
haven't yet done so.
Whether that meets your definition of "locksmith" is entirely up to you.
But I find that most pros are willing to accept me as a member of the
community, even though locksmithing is not currently my primary career.
--
Joe Kesselman, O. R. K. Security Services -- Full Service, Part Time
Ralph A. Schmid, DK5RAS
>Like most things that are security related, this has a flaw.
Yes, of course, but selling them not to the open is one thing among
others making it at leasrt difficult to duplicate such keys.
>Restricting the purchase is a good start, but it does not ensure that
>the materials are going to stay in certified shops.
This is one reason why I repeat again and again that the best security
is achieved with a high security look with difficult to duplicate
patterns and a restriction in key duplication to the factory, and only
with a security card. I prefer systems like the triple sidewinder EVVA
3KS or their magnetic system, or something like DOM Diamant and
similar designs.
>Daniel
John Schutkeker
> I'd consider myself a journeyman; there are many things I don't know (I
> do almost no auto work, for example), and a sufficient number that I do.
AFAIK, locksmiths don't really do automotive work, although they also won't
admit to that. AAA controls the lock-out segment and only body shops can
handle the needs for repair after break-ins and thefts. My car was stolen
a few years back by the standard technique of knocking the cylinder out of
the steering column, and I learned that the job was beyond the abilities of
a locksmith.
I'd suggest dropping by your dealership to pick up an auto cylinder, as
they've got some interesting security features. Even though it's just a
wafer lock (is that what some smiths call disk-tumbler?) which should mean
that you can pick it virtually instantaneously, it's a lot harder than
that.
Toyota has added two mechanical barriers to inhibit picking, a fixed one
about halfway down the row of wafers and a spring-loaded one at the mouth
of the keyway. Between those two, I couldn't make any headway at all and
haven't had any new ideas for work-arounds since I originally had the idea,
which was years ago.
I've never been convincingly informed that they can be picked, and it would
be nice to know if the man exists who can do it reliably and consistently,
or if that system is still basically undefeated.
> I've occasionally published tips in trade journals; haven't published a
> full article as yet. Basically, I've been "paying my dues" for decades,
> though I haven't been exercising the skills as much recently.
I was wondering if the smithing trade had journals of new developments.
Care to share the names with me? I think that it's a safe that they won't
be in any of the local libraries.
> I'm not currently licensed, since as far as I know my area doesn't
> require it. I am carrying a performance bond. And I keep meaning to get
> into the town clerk's office and file an official doing-business-as, but
> haven't yet done so.
Up here, a DBA number is only $10 for 5 years, which makes it a huge
bargain. But I think the only reason why you really need it is for taxes,
which is an issue if you're really going to do business.
What exactly does bonding entail, and was I right about the part where you
either sign or swear to an oath?
> Whether that meets your definition of "locksmith" is entirely up to you.
> But I find that most pros are willing to accept me as a member of the
> community, even though locksmithing is not currently my primary career.
My definition of "locksmith" is a guy who owns the training manuals and has
studied them in sufficient depth to be employable by a shop owner, should
he happen to have taken out a want ad that month, and who has free access
to the critical pieces of equipment, like the code books and the good
cutting machines, but not the sad duplicating machines in the hardware
stores.
Did I leave anything out?
John Schutkeker
> I'm an MIT grad myself (if you're a hacker, you may recognize my user
> ID),
I *was* a hacker when I was at MIT, but IMHO that pastime only exists
within the Institute (and perhaps Caltech).
"Hacking" has become an horrifically obsolete misnomer, since the word is
generally accepted by everybody except MIT insiders, including the press,
public and probably even Webster's, as computer trespassing. In the
outside world, trespassing with lock picks already has a name, breaking and
entering, and the penalty is three to five in the state pen.
What years were you at the Institute?
> and I'm afraid that doesn't necessarily follow. Smart doesn't
> necessarily imply wise. There _have_ been student thefts on campus in
> the past.
Ever hear of a guy named Mark Taylor? He's a perfect case in point of why
you should keep your nose clean.
And I'll be the first to admit that I make mistakes. There was a time when
I got my ass in trouble and decided that it made more sense to go straight,
and just not expose myself to the things that screwing up my life. The big
hassle was that the knuckleheads in my hacking club wouldn't frickin' leave
me alone, because they saw me pick some locks that other people had trouble
with. Sure, I could do it ok in the confines of a nice safe dorm room, but
every time I tried to pull a hack, something would go wrong. They kept on
me to get back into the game, even though I knew that I'd just get in
trouble again.
All this is why I point out loudly and frequently to everyone who seems
concerned that I'll swear any oath you ask not to use my skills for
clandestine, surreptitious or criminal purposes. And the repetition has
the added benefit that it keeps reminding me that I'm not in it for
anything but the satisfaction of solving puzzles.
Did you ever hear the story of the night Jim Steranko decided to go
straight?
> And even folks who are basically honest aren't always
> thoughtful/careful enough to avoid getting themselves in trouble.
Which is why I've sworn off clandestine field-work. After you've left the
benign shelter of the 'Tute, you're no longer playing an elaborate game of
tag with friendly rent-a-cops called CP's. You have to assume that real
cops aren't forgiving in any way shape or form, because if you get into a
situation where you have to find out, there's far too much at stake for you
to be wrong.
Thus hacking becomes a locksmithing hobby, and secret activities rise above
board. As they say, sunshine is the best disinfectant.
> There were some fellow students I would teach, some I wouldn't for
> their own sake, and some whom I *knew* I didn't want responsibility
> for.
At 42, I'm a lot wiser than I was at 22. At 82, I'm sure I'll be wiser
still...
Joe Kesselman (yclept Keshlam)
> "Hacking" has become an horrifically obsolete misnomer
Some of us refuse to accept the abuse of the term, even if it is uncommon.
> What years were you at the Institute?
You can find that out easily enough from the alumni website...
> All this is why I point out loudly and frequently to everyone who seems
> concerned that I'll swear any oath you ask
Problem is, until I know you personally I don't know what your oath is
worth. Endless recursion. Establish yourself in the community, excercise
patience, exercise effort, and doors open. Think of it as another form
of lockpicking, though here you're trying to manipulate social rather
than mechanical pins.
If someone doesn't have the patience for that, it's probably time to
switch hobbies because they'll never be decent at locksmithing either.
It's _ALL_ about patience and precision and exploring alternatives and
reacting calmly despite frustration.
Putyourspamhere
>From: John Schutkeker jschu...@cs.com
>Date: 6/17/2003 9:50 PM Eastern Daylight Time
>Message-id: <Xns939DDDD765506...@205.188.138.161>
>
>h...@hes01.unity.ncsu.edu (Henry E Schaffer) wrote in
>news:bcn5kf$3rv$1...@hes01.unity.ncsu.edu:
>
>> But if an enterprising businessman does this - and perhaps uses mass
>> production to greatly lower the per blank cost - how does he get the
>> word out to prospective buyers while keeping it a secret from the lock
>> manufacturers (who have patents etc. legal protection) and the law
>> enforcement authorities?
>
>The German guy said that there no laws regarding who can buy what parts,
>and that all the enforcement is employed by means of the company guarding
>being unwilling to release the blanks.
What has that to do with what you were responding to i.e. marketing while
simultaneously avoiding a lawsuit for patent infringement?
>And it's amazing to me that something so trivial as changing a blank to fit
>a different keyway can be patented. There are Himalayan mountains of prior
>art.
>
>> You can easily succeed if they judge that the information you want is
>> sufficiently general as to not pose a tangible security risk. (Well,
>> some are a bit more paranoid and won't talk about anything!)
>
>If you show them you know the game, they'll treat you with respect. And if
>you start telling them good secrets, their natural tendency is to tell you
>theirs.
>
>However, the most interesting question is "how do I defeat system X," which
>has a huuuuge security risk. I still haven't found a locksmith who will
>let me photocopy the Master Lock pages from his HPC manual, even though I'm
>doing the cryptography, and not trying to break into people's gym lockers
>to steal their wallets.
A. If you haven't been able to obtain this information for yourself you can't
be very serious about what you are doing, or don't need the information very
badly.
B. The books you speak of are copy righted.
C. The owners of those references had to pay for them. Why would you expect
them to give you the information?
>I've gotten to the point where I'm willing to swear whatever oath of
>honesty the state requires for licensing, just because I'm so frustrated.
>As the president said in 1974, "I am not a crook."
He was a crook. If you're willing to swear an oath for the reason you state
above perhaps you are too.
>Besides 4-pin Masters be reliably picked just a few minutes, because the
>keyway has a serious design flaw. Sears padlocks are infinitely more pick
>resistant than Masters.
What's your point? These padlocks are easily circumvented. Picking isn't the
easiest wayanyway.
>
>
>
>--
>Jones!
>
Putyourspamhere
>Date: 6/18/2003 12:28 AM Eastern Daylight Time
>Message-id: <5hqvevs24gkcoggs6...@4ax.com>
Why do it at all? There is likely little profit potential in the whole venture.
Putyourspamhere
>From: "Ralph A. Schmid, DK5RAS" nos...@radio-link.net
>Message-id: <o3uffv8sh51hu703c...@4ax.com>
Such specific tools are not needed to duplicate a key. There is no purely
mechanical key which can't be easily duplicated by a skilled machinist with non
locksmithing specific machine tools.
Putyourspamhere
>Date: 6/21/2003 3:18 PM Eastern Daylight Time
>Message-id: <Xns93A19B6B6F11E...@205.188.138.161>
>The best thing about this racket is that it's a great way to impress
>chicks. Although not a very good opening line, mentioning that you know
>how to shim ratchet cuffs is sure to get their attention.
LOL If that's the best you can do to "impress chicks" I bet you don't impress
many.
>But you guys are a bunch of sticks in the mud, and suspicious ones at that.
>Incidentally, do you guys have to swear an oath in order to get your
>licenses?
>
>
>--
>Jones!
Almost anyone concerned with security will be somewhat suspicious.
Investigating the process used to generate valid credit card numbers sounds
like something that might interest you. Why not just ask around in that
industry and see how suspicious people get.
Putyourspamhere
>Date: 6/21/2003 9:11 PM Eastern Daylight Time
>Message-id: <bd2vn4$mhc$5...@wildfire.prairienet.org>
>
>
>I'm not a locksmith, but as a computer security guy now and then, I like
>reading forums where dark-side hackers discuss how to break into systems,
>just to I know better how to secure the ones I manage. www.2600.com is
>such a place.
There are two sides to openess with regard to computer security as well. Many
of the hackers who find and publish exploits have no interest in maliciousness
or destruction, however many of the script kiddies who learn of exploits they
would never have discovered on their own do, and use said exploits to that end.
>All the BS secrets of locksmithing that people try to keep around here
>are crazy, given that even I can make/obtain a plasma torch, big power
>drill with tough carbide-steel bits, etc.
LOL This statement shows how little you understand of physical security or the
real world threats to it.
Joe Kesselman (yclept Keshlam)
> Some of us refuse to accept the abuse of the term, even if it is uncommon.
That's what I get for writing when half awake. "Even if the proper usage
is now uncommon" or "even if the abuse is common." Gnumph.
Joe Kesselman (yclept Keshlam)
> AFAIK, locksmiths don't really do automotive work, although they also won't
> admit to that.
Not true. Some do. Some don't. I don't, very often; I know folks who do.
> a spring-loaded one at the mouth
> of the keyway.
Uhm. If you're talking about the door locks, I think you're referring to
the dust cover which is present on most autombile doors. If so, there
are straightforward ways of holding that back while working on the lock.
> I was wondering if the smithing trade had journals of new developments.
> Care to share the names with me?
Locksmith Ledger and National Locksmith are the two US journals most
often cited. I think there may be a third still in operation. My
favorite, Reeds Security Reporter, unfortunately lasted only a few
years; publishing's a tough business.
> Up here, a DBA number is only $10 for 5 years, which makes it a huge
> bargain. But I think the only reason why you really need it is for taxes,
> which is an issue if you're really going to do business.
Basically, yes.
> What exactly does bonding entail, and was I right about the part where you
> either sign or swear to an oath?
Bonding: Is a form of insurance for the customer. Basically, it
represents additional money they can sue you for. It's a
marketing/reassurance tool.
Oath: There might be one on licencing, but few states do licencing.
Mostly I swear at paperwork rather than to it. ("I do solemnly affirm
that this is the worst set of instructions I've seen in a long time.")
I sometimes wish Locksmithing *WAS* still more guild-like and had
something akin to the Hipocratic Oath.
> My definition of "locksmith" is a guy who owns the training manuals and has
> studied them in sufficient depth to be employable by a shop owner
I'd put the definition in terms of "can exercise a sufficient range of
skills well enough"... and I'd note that "employable" sometimes includes
apprentice, which may be someone who doesn't initially know much more
than how to sweep the shop and ring up sales.
> to the critical pieces of equipment
Surprisingly few pieces of equipment are "critical". Better tools allow
you to work more efficiently and reliably, but skill can substitute for
tools in many cases.
For example: Code books are important if and only if you're doing code
work -- and whether you get a full set, or buy versus rent or borrow
this resource, is optional. If it's a significant part of your business
you definitely need it; if you're working in areas where it isn't, you
don't.
Part of running a business is figuring out which investments actually
make sense given your intended customer base... and when it makes sense
to say "I don't do that but I'm perfectly willing to refer you to a
friend who does."
The government's standard job descriptions -- darn, I can't find the
link right now -- actually do a moderately decent job of characterizing
locksmiths and safe technicians. Massively incomplete, of course, and
the emphasis may not be exactly where I would have put it, but their
summary is better than I would have expected.
Joe Kesselman (yclept Keshlam)
> Such specific tools are not needed to duplicate a key. There is no purely
> mechanical key which can't be easily duplicated by a skilled machinist with non
> locksmithing specific machine tools.
Sure. But a skilled machinist gets more money per hour than a thief
does, and has no incentive to take a job which may get him arrested as
accessory.
Perfect security is impossible. Good enough really is good enough, and
in many cases is a surprisingly low bar, *IF* people don't gratuitously
weaken it further.
Putyourspamhere
>Date: 7/2/2003 8:00 PM Eastern Daylight Time
>Message-id: <3f037...@news1.prserv.net>
What you say is in most cases true. I comfortably would say 95% of the time.
However it's dangerous to assume that all criminals are not highly skilled.
It's also a mistake to assume that all crime nets peanuts. It is no doubt well
within the capability of some criminals to produce the various high security
keys. If you really have something to protect it's a mistake to depend on
physical security alone, no matter how good it may be. You would be surprised
(or perhaps not) at the amounts of cash and other valuables some people entrust
to physical security alone.
John Schutkeker
>> What exactly does bonding entail, and was I right about the part
>> where you either sign or swear to an oath?
> Bonding: Is a form of insurance for the customer. Basically, it
> represents additional money they can sue you for. It's a
> marketing/reassurance tool.
Where does this extra money come from?
> I sometimes wish Locksmithing *WAS* still more guild-like and had
> something akin to the Hipocratic Oath.
You've obviously never been injured by an clumsy physician.
Henry E Schaffer
Putyourspamhere <putyour...@aol.com> wrote:
> ...
That would be a bad assumption. Note that it isn't the same as
assuming (believing) that the majority of criminals are not highly
skilled - and the vast majority who would break into the lower or middle
class residence.
>It's also a mistake to assume that all crime nets peanuts.
Why do you keep on talking about "all"? All it takes is *one* big
crime to break that assumption - and we know that there are many big
crimes! (But there is a *lot* of petty crime.)
>It is no doubt well within the capability of some criminals to produce
>the various high security keys.
Sure - to produce or buy or ... But are these the ones breaking into
typical residences and stealing their electronic entertainment gear?
>If you really have something to protect it's a mistake to depend on
>physical security alone,
Such as lighting, locks, alarms, etc.?
>no matter how good it may be. You would be surprised (or perhaps not)
>at the amounts of cash and other valuables some people entrust to
>physical security alone.
What kind of non-physical security would you sugges should be used to
protect cash, jewelery, etc.? (Actually Master Sean - working for Lord
Darcy - came up with some really good non-phyical methods - but ... :-)
--
--henry schaffer
h...@ncsu.edu
Henry E Schaffer
John Schutkeker <jschutkek...@cs.com> wrote:
>"Joe Kesselman (yclept Keshlam)" <kes...@attglobal.net> wrote in
>news:3f037...@news1.prserv.net:
>
>>> What exactly does bonding entail, and was I right about the part
>>> where you either sign or swear to an oath?
>
>> Bonding: Is a form of insurance for the customer. Basically, it
>> represents additional money they can sue you for. It's a
>> marketing/reassurance tool.
>
>Where does this extra money come from?
Read up on insurance - it's the pool of reserves that provides this.
(If you've ever bought insurance, you should know where *that* comes
from. :-)
>> I sometimes wish Locksmithing *WAS* still more guild-like and had
>> something akin to the Hipocratic Oath.
>
>You've obviously never been injured by an clumsy physician.
How is this relevant?
--
--henry schaffer
h...@ncsu.edu
John Schutkeker
news:3EED089A...@thelockman.com:
> As for the Locksoft program, I wrote the specification for it and did
> some of the debugging.
You're definitely using a linear congruential PRNG with super-encipherment.
What machine did you implement it on, and in what programming language? Do
Master Lock and American use the Locksoft program?
Billy B. Edwards Jr.
Master Lock uses it now, American doesn't, yet. :-)
BBE.
John Schutkeker
news:20030702151302...@mb-m18.aol.com:
> If that's the best you can do to "impress chicks" I bet you don't impress
> many.
>
You're obviously too stupid to use a bad boy angle to get chicks. With
that low IQ and angry demeanor, I'll bet you don't impress many either,
Einstein.
--
Jones!
John Schutkeker
> Master Lock uses it now, American doesn't, yet. :-)
You have no idea which language the program was written in?
John Schutkeker
news:bd2vn4$mhc$5...@wildfire.prairienet.org:
> All the BS secrets of locksmithing that people try to keep around here
> are crazy, given that even I can make/obtain a plasma torch, big power
> drill with tough carbide-steel bits, etc.
Where were you when I needed to convince Kessleman that releasing the
equations for the code numbers wouldn't substantially compromise padlock
security? You've figured out what I always tried to teach my buddies at
MIT, which is that there's not much need to secure your stuff against
lockpicking, because if a thief wants to take it, he's gonna smash his way
in.
But as I also tried unsuccessfully to explain to Kessleman, this isn't
about breaking and entering, it's about solving mechanical puzzles.
There's a big difference between the black hats and the white hats, and I
sure wish you clowns would stop accusing me of being on the dark side.
John Schutkeker
It turns out I was right all along. Billy Edwards gave a complete and
accurate description of the algorithm used by Master Lock, and it involves
a super-enciphered linear congruential method.
Do you remember the "I told you so" dance from the old MGM cartoons. It
goes as follows
I told you so.
I told you so.
Don't forget I told you so.
YA da DA da DA da DA.
Don't forget I told you so.
And it repeats over and over and over...
:-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-)
?.???
"John Schutkeker" <jschutkek...@cs.com> wrote in message
news:Xns93ADC1C321A5B...@205.188.138.161...
John Schutkeker
What year was this software developed, and when you were at Locksoft, what
was the name of your biggest competitor in the business of writing code
generating software.
Billy B. Edwards Jr.
It was developed 4 or 5 years ago, the copyright is still very much in
effect. Locksoft has no competitors in generating code software. Most
manufacturers attempt to develop their own in-house, when they give up
from all the errors they buy Locksoft software. Various software
programs have been purchased by about 14 manufacturers over the years.
BBE.
Henry E Schaffer
John Schutkeker <jschutkek...@cs.com> wrote:
>It turns out I was right all along. ...
>
>I told you so.
>I told you so.
>Don't forget I told you so.
>YA da DA da DA da DA.
>Don't forget I told you so.
>
>And it repeats over and over and over...
>
>:-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-)
Thanks for resolving some doubts I had.
--
--henry schaffer
h...@ncsu.edu
Joe Kesselman (yclept Keshlam)
> Where does this extra money come from?
This is a form of insurance; you purchase it like any other kind. In my
case I'm bonded thru TNL.
>>I sometimes wish Locksmithing *WAS* still more guild-like and had
>>something akin to the Hipocratic Oath.
>
> You've obviously never been injured by an clumsy physician.
Side issue. There are incompetents in any field.
Joe Kesselman (yclept Keshlam)
> Where were you when I needed to convince Kessleman that releasing the
> equations for the code numbers wouldn't substantially compromise padlock
> security?
Uhm. Why did you need to convince me? It's a free country; if it's
important to you, make it happen. Just don't expect folks who disagree
with you to help you make it happen.
> But as I also tried unsuccessfully to explain to Kessleman, this isn't
> about breaking and entering, it's about solving mechanical puzzles.
Reminder: I'm a part-timer myself. I understand that motivication. I'm
also living proof that if you get off your arse and WORK for the
knowledge, you can get it. It will cost you some time and some money and
some effort. If you don't think it's worth the investment, that's your
problem, not mine.
Joe Kesselman (yclept Keshlam)
> motivication.
Glarg. Thinking one thing and typing another. Sorry 'bout that.
Point remains: If you want to learn, you can learn. If you aren't
learning, that suggests you aren't making enough effort.
The whole point of a puzzle, after all, is the challenge in solving it.
If that's your motivation, you shouldn't expect -- or want! -- to be
handed the answer; that defeats the purpose.
cashcroft
ROTFLMAO
Phil
John Schutkeker
news:be7m24$pj$1...@hes01.unity.ncsu.edu:
> Thanks for resolving some doubts I had.
That's nice, but what are you going to do with the information, now that
your cynicism is satisfied?
John Schutkeker
> There's something to be said for unasking the question.
What do you mean by "unasking" the question?
Joe Kesselman (yclept Keshlam)
>>There's something to be said for unasking the question.
>
> What do you mean by "unasking" the question?
A monk asked Chao-chou, "Has the dog Buddha nature or not?"
Chao-chou said, "Mu."
For some insight into the many ways of intrepreting that response, hit
the web... but one of those ways is that the question posed is poorly
formed, and is not a meaningful question.
Specifically to this case: It may be legitimate to say that a puzzle
which cheats (eg, a "knot" which is actually a splice and thus can not
be untied in the normal sense) is not a puzzle. Or it may not be, if the
puzzle is taken in a larger sense of "how was this achieved."
Cutting the Gordian knot may have been a brilliant bit of lateral
thinking, or may have been pure vandalism. It all depends on _exactly_
how the challenge was phrased.
Putyourspamhere
>Date: 7/3/2003 7:05 PM Eastern Daylight Time
>Message-id: <Xns93ADC1C321A5B...@205.188.138.161>
How could anyone possibly "know" what side you're on? You would be surprised
how few people who request information to compromise this or that security
device state their desire to break and enter with the information.
Putyourspamhere
>Message-id: <Xns93ADBF77E1055...@205.188.138.161>
Touchy touchy Jones. I'm betting you're success with the ladies is far less
than mine. The fact that I don't think of it as "getting chicks" and haven't
since about 8th grade might have something to do with it. LOL
Putyourspamhere
>Date: 7/3/2003 5:03 PM Eastern Daylight Time
>Message-id: <be25nm$p1r$1...@hes01.unity.ncsu.edu>
>
>In article <20030703115506...@mb-m15.aol.com>,
>Putyourspamhere <putyour...@aol.com> wrote:
>> ...
>>However it's dangerous to assume that all criminals are not highly skilled.
>
> That would be a bad assumption. Note that it isn't the same as
>assuming (believing) that the majority of criminals are not highly
>skilled - and the vast majority who would break into the lower or middle
>class residence.
The comments I was originally responding to were with regard to high security
locking systems not usualy found on lower to middle class residences.
>>It's also a mistake to assume that all crime nets peanuts.
>
> Why do you keep on talking about "all"? All it takes is *one* big
>crime to break that assumption - and we know that there are many big
>crimes! (But there is a *lot* of petty crime.)
Yes there is. Most of this does not involve the defeat of high security locking
systems however. My point was that some crime pays plenty to motivate some
people with the skills to earn a good living honestly. i.e. someone with
machinists skills.
>>It is no doubt well within the capability of some criminals to produce
>>the various high security keys.
>
> Sure - to produce or buy or ... But are these the ones breaking into
>typical residences and stealing their electronic entertainment gear?
Typical residences no. Once again my comments were with regard to high security
locking systems which are not typically used on typical residences.
>>If you really have something to protect it's a mistake to depend on
>>physical security alone,
>
Such as lighting, locks, alarms, etc.?
Alarms are not physical security in the sense that a lock is. Alarms and
lighting are excellant deterents when used with locks which was my point here.
>
>>no matter how good it may be. You would be surprised (or perhaps not)
>>at the amounts of cash and other valuables some people entrust to
>>physical security alone.
>
> What kind of non-physical security would you sugges should be used to
>protect cash, jewelery, etc.? (Actually Master Sean - working for Lord
>Darcy - came up with some really good non-phyical methods - but ... :-)
I would consider non physical security i.e. non barriers to include such things
as alarm systems and surveillance.
>--henry schaffer
>h...@ncsu.edu
>
>
>
>
>
>
>
Henry E Schaffer
Putyourspamhere <putyour...@aol.com> wrote:
>>Subject: Re: Generating code numbers for padlock keys
>>From: h...@hes01.unity.ncsu.edu (Henry E Schaffer)
>>Date: 7/3/2003 5:03 PM Eastern Daylight Time
>>Message-id: <be25nm$p1r$1...@hes01.unity.ncsu.edu>
>>
>>In article <20030703115506...@mb-m15.aol.com>,
>>Putyourspamhere <putyour...@aol.com> wrote:
>>> ...
>>>However it's dangerous to assume that all criminals are not highly skilled.
>>
>> That would be a bad assumption. Note that it isn't the same as
>>assuming (believing) that the majority of criminals are not highly
>>skilled - and the vast majority who would break into the lower or middle
>>class residence.
>
>The comments I was originally responding to were with regard to high security
>locking systems not usualy found on lower to middle class residences.
That's a fair distinction to make - but I didn't understand that you
were making it. I agree that an attractive target greatly motivates the
criminals, and so the stakes are raised on both sides.
> ...
--
--henry schaffer
h...@ncsu.edu