[HN Gopher] A Lock Picking Game Changer [video]
___________________________________________________________________
A Lock Picking Game Changer [video]
Author : DyslexicAtheist
Score : 199 points
Date : 2021-05-03 15:46 UTC (7 hours ago)
(HTM) web link (www.youtube.com)
(TXT) w3m dump (www.youtube.com)
| taftster wrote:
| Direct link to the product page for this tool on his website. It
| wasn't hard to find, but took me a few page clicks:
|
| https://covertinstruments.com/collections/lishi-tools
| Benlights wrote:
| I would not usually try and end run around someone selling a
| product, however he is sold out at the moment so I don't feel
| bad.
|
| These Lishi picks can be had on alibaba and aliexpress for about
| 1/3 to 1/2 the price he is selling them at
|
| https://www.alibaba.com/showroom/lishi-pick-set.html
| https://www.aliexpress.com/wholesale?catId=0&initiative_id=S...
| userbinator wrote:
| The name alone should be enough to convince anyone that these
| picks are from a Chinese company anyway (does anyone happen to
| know their official site?) Of course, there are likely to be
| clones.
| pmarreck wrote:
| While not judging anyone, buying cheaper from a country that
| does not have labor laws protecting its workers is IMHO
| tantamount to buying cheap cotton from southern landowners
| before Lincoln did his thing.
| SV_BubbleTime wrote:
| I'll have to consider the ethics that it's OKAY to steal from
| a Chinese company if the knockoffs are also Chinese.
|
| You do you. I have a product I designed, and produce, knocked
| off by a Chinese company and sold on Alibaba. Super Cool.
| [deleted]
| sumnole wrote:
| Ali has been hit or miss for me. The deals are great, but
| sometimes products are not as described, the wrong product is
| shipped, or nothing gets delivered at all, and reaching
| customer service is not made easy.
| sneak wrote:
| TFA is an ad. Linking to places with better prices isn't an
| "end run".
| Animats wrote:
| Those have been around for years, but mostly for car locks. You
| need a specific one for each kind of lock. They cost about
| US$40-$80 each, and a full set is maybe 50 of them. For car
| locks, the make and model of the car tells you which one to use.
| For door locks, you have to go look at the lock and recognize the
| keyway, or try different ones. So they're more useful for
| automotive.
|
| They're really a key recovery tool - you can read out the lock
| and make a key, as Lock Picking Lawyer does. He has a old manual
| key originating machine where you can hand-cut a key with
| specific notches. There are newer CNC machines for that.[1]
|
| [1] https://keyline.it/en/electronic-key-cutting-machines
| LeegleechN wrote:
| I bought a set of conventional lockpicks to try out the hobby,
| but it ended up being so easy it wasn't interesting! I was able
| to reach competence in a few hours and at that point I didn't
| want to spend a lot of money to find harder to pick locks or try
| to improve my speed further. At least it's a nice tactile thing
| to try out and a useful skill to have in your back packet in case
| you find yourself locked out of your house / bike / whatever.
| mfkp wrote:
| Just make sure that it's not a felony to have them "in your
| back pocket" in your state or jurisdiction:
| http://lockwiki.com/index.php/Legal_issues
| kenhwang wrote:
| Agreed, it's way too easy for most locks to be interesting as a
| hobby, but to jump to pick-resistant locks is a huge increase
| in skill that I never made it past.
|
| So I just treat it as a useful skill to have in emergencies. I
| leave a set of picks in my cars' glove compartments and a very
| crude set (a very basic tensioner and a bunch of hairpins) in
| my yard. Has come in handy a couple of times when I've locked
| myself out.
| Animats wrote:
| _I bought a set of conventional lockpicks to try out the hobby,
| but it ended up being so easy it wasn 't interesting!_
|
| Ordinary pin-tumbler locks with some wear on them are
| embarrassingly easy to pick. Raking or bumping usually works.
| Just apply some tension and stick in something that lets you
| move the pins.
|
| There's a marketing reason for this. If you design a lock that
| wears out into a locked condition, customers eventually get
| locked out and are angry. If you design a lock that wears into
| an easier to unlock condition, customers don't notice.
| nomel wrote:
| Did you try any with security pins, like mushroom pins? These
| are found where security actually matters, which is rarely the
| case for a straight pinned padlock.
|
| I was able to open padlocks effortlessly, but my front door
| deadbolt kicked my butt.
| bawolff wrote:
| Isn't that true of every hobby? Video games are pretty boring
| if you don't go past pong, etc.
| hirundo wrote:
| It's a little device sold by the guy who made the video that
| makes much of his hard-earned muscle memory for lock picking
| unnecessary. It doesn't replicate his thousands of hours of
| training but it goes a long way.
|
| It also wouldn't take an Eli Whitney to turn it into an automated
| gadget that works as a universal key for the most common locks.
|
| This channel does the great service of convincingly demonstrating
| how poorly most locks secure against a skilled attacker. And that
| the skill threshold is rapidly decreasing.
| falcolas wrote:
| > And that the skill threshold is rapidly decreasing.
|
| Especially when you consider how many locks (esp. high tech
| locks) are vulnerable to low skill attacks (rapping, shimming,
| magnets).
| Arainach wrote:
| >It also wouldn't take an Eli Whitney to turn it into an
| automated gadget that works as a universal key for the most
| common locks.
|
| These have existed for a while.
| https://www.youtube.com/watch?v=JKZ_vJDMJ9A
|
| The mechanism isn't quite the same, but that's because for most
| common locks, if you're building a machine you don't need pin-
| by-pin picking.
| SavantIdiot wrote:
| I first read about these in a book called "How to get
| Anything on Anybody" that I bought from the Paladin Press in
| 1983. They're from the 50's, I believe, and haven't changed
| much.
| ineedasername wrote:
| Correct, lishi picks are great for single pin picking, and I
| suspect it might allow dealing with security pins much easier
| than a pick gun. Such guns are somewhat similar to raking
| techniques, which are not great with security pins.
| ashtonkem wrote:
| What's fascinating is that it doesn't seem to matter; most
| thefts in the US appear to be the result of something be
| completely unsecured, or via brute force. Chances are someone
| is far more likely to break your window than pick your lock.
|
| The only ones that really bother me are the firearm locks. A
| distressingly large percentage of firearm locks he talks about
| can be opened in seconds by an untrained teenager, which seems
| incredibly bad to me.
| bdowling wrote:
| > Chances are someone is far more likely to break your window
| than pick your lock.
|
| There are also laws in many states against possession of
| lockpicks during commission of a crime (esp. burglary).
| Criminals probably avoid carrying lockpicks because they if
| they are caught, the lockpicks will cause them to face more
| jail time. Carrying lockpicks while trespassing might also be
| used to show intent to commit burglary.
| LeifCarrotson wrote:
| The other distressing problem with lockpicking and especially
| with firearm locks is that a significant part of their
| security model relies on obscurity.
|
| To be professionally effective, a locksmith must know a lot
| of trivia about dozens of locks, and you can make that
| hundreds or thousands if they want to expand to gun safes and
| bike locks and cars and on and on... For that purpose, the
| plethora of cheap options is a decent deterrent. No normal
| burglar is likely to have specialized skills in opening
| dozens of locks.
|
| But in a targeted attack, if you give any teenager a chance
| to look at the lock, then a few days to go on the Internet
| and see someone trivially jiggling the wafer core open, maybe
| buy an identical lock for $10 and practice their skills, none
| of the basic products are likely to be effective.
| stainforth wrote:
| Security by obscurity or security by variety better yet?
| cosmodisk wrote:
| In my country, the law requires anyone who possesses a gun to
| buy a proper safe,where It'd be stored when not used. The
| country is very safe and the likelihood that you'd ever need
| to use it while at home is close to zero, however situations
| where a burglar could walk out with a registered gun and
| potentially cause endless problems for the owner down the
| line is more probable,so a good safe sounds like a good idea.
| gkop wrote:
| Just a heads up, but that safe would need to be mighty hard
| to dislodge and/or be extremely thick. The long gun safes
| from Costco are easily dislodged and sawn through. My
| understanding is the safe should be built into the wall,
| exposing only its toughest, front side.
| hellbannedguy wrote:
| A center punch to the driver's window welcomed me to San
| Francisco.
|
| I got a $20 radio, and left my truck unlocked, with a sign.
|
| The sign read, "Nap in the back of my truck. Use the seat to
| rest, but please don't break anything else."
|
| Never happened again, and for a week someone was leaving a
| $10 in my glove box. Crazy?
|
| I drive an old Toyota Truck, and most of you have nicer cars.
| Oh yea, I did put a kill switch in the truck.
| jgalt212 wrote:
| very similar to this scenario
|
| > George and Kramer begin parking at a discount parking
| lot. After picking up his car George discovers a condom
| inside and suspects prostitutes are servicing their clients
| inside the cars.
|
| https://en.wikipedia.org/wiki/The_Wig_Master
| ineedasername wrote:
| The limitation of turning it into a general tool for common
| locks is the shape of the keyway. There are multiple versions
| required because the contours keys can vary significantly.
| Similarly, these tools feature the ability to decode the lock
| so you can actually use the information to make a duplicate of
| a key without the key itself. A single tool wouldn't do that
| because the pin lengths can vary for different lock types, and
| sometimes the distance between pins.
|
| However, something like a pick gun can server pretty well for a
| wide variety of locks, with the limitation that they lose some
| efficacy when a lock has security pins.
| yeneek wrote:
| I bought pick gun long time ago and was pretty disapointed.
| Pick gun need wide keyhole. Most locks I encountered had zig
| zag keyhole.
| ineedasername wrote:
| Yeah, pick guns aren't great for even medium security locks
| or paracentric keyways. Standard schlage, kwikset, yale...
| They aren't too bad. But any of their models that allow
| them to be re-keyed by the end user generally don't use pin
| & tumbler designs so raking it and pick guns are useless.
| anonporridge wrote:
| The most important general takeaway I have is that you can't
| rely purely on passive security.
|
| No matter how elaborate your designs, someone will always find
| a way in given enough incentive. And given enough time, a
| tricky, narrow exploit gets widened into a highway.
|
| Security is a red queen. You have to run fast just to stay in
| the same place.
| mgarfias wrote:
| I guess my dog is "active" security then.
| fanatic2pope wrote:
| Depends on the dog. Years ago I had a black lab who slept
| peacefully right through an entire burglary. They even had
| to step over him to get to my CD collection.
| mgarfias wrote:
| I've got a pack of shepherds. They are all quite active.
| Even the old guy
| bawolff wrote:
| Yes, that very literally is active security.
| NicoJuicy wrote:
| There's a whistle that scares all dogs.
| capableweb wrote:
| > No matter how elaborate your designs, someone will always
| find a way in given enough incentive
|
| I'd reverse it. When you realize you need "security" you
| can't just focus on one or two aspects. You have to figure
| out what you need security from. A padlock won't stop the
| government of course, but it will stop a teenager who
| wouldn't want to leave any trace of breaking it nor know how
| to pick locks.
|
| Just like storing your cryptocurrencies on a hardware device
| might protect it against phishing attacks or other
| technological attacks but it won't stop someone from grabbing
| you in person and threatening you with a hammer. For that you
| need physical protection.
|
| So unless you know who you're protecting yourself/your thing
| against, you won't be able to know what security you really
| need.
| kube-system wrote:
| i.e. "threat model"
|
| Be weary of anyone who makes security recommendations
| without first qualifying their audience's threat model.
| Unless they understand what they're trying to protect
| against, it's simply opinionated guesswork, and could even
| be counterproductive.
| larrydag wrote:
| These lock picking tools are getting so easy. I expect new types
| of locks, probably electronic, will be coming out soon in market.
| falcolas wrote:
| They are. And they have different vulnerabilities. Magnets
| triggering relays, spinning magnets rotating motors, "reset
| buttons" that are hidden behind plastic covers...
|
| Of course, that's when they don't have backup key locks; then
| they have the old vulnerabilities on the top of the new
| vulnerabilities (shimming, rapping, etc).
| Quequau wrote:
| Given how many of this man's videos contain the phrase "This
| security flaw has been known for [n] decades" I would not hold
| my breath.
|
| Also, given how many electronic locks he features which are
| total garbage I would not buy one of those for most use cases.
| anonporridge wrote:
| Well known by a relatively tiny group of mostly engineers,
| lock smiths, and hobbyists vs widely available on a 3 million
| subscriber Youtube channel are very different degrees of
| broken.
|
| When EVERY random teenager can easily access these tools and
| learn these tricks, it's liable to start causing some larger
| scale problems that could indeed force change in the
| industry.
| Judgmentality wrote:
| > When EVERY random teenager can easily access these tools
| and learn these tricks, it's liable to start causing some
| larger scale problems that could indeed force change in the
| industry.
|
| This stuff has been publicly available for decades. I
| learned using the MIT Guide to Lock Picking from 1991, and
| bought a lockpicking set online, and off I went. Nowadays
| it's just easier and more accessible (like most things).
|
| https://www.lysator.liu.se/mit-guide/MITLockGuide.pdf
| NikolaeVarius wrote:
| The Anarchist Cookbook has been out for a while, its
| probably fine.
| NikolaeVarius wrote:
| Most electronic locks are still garbage. Even if the computer
| part is somehow perfect (which it wont be), they
| normally/should contain bog standard manual bypasses
| tyleo wrote:
| These look amazing! For anyone not aware: lock picking is already
| easy on most locks. I was locked out of a keyed door in my last
| apartment once and was able to pick my way back in with no
| experience, a friend's lock picking kit, and a few YouTube
| videos. The whole thing took less than 30 minutes.
|
| Since then I've thought of locks more like deterrent than
| bulletproof security.
| dec0dedab0de wrote:
| The old saying is that locks are for keeping the honest people
| out[1]. Over 10 years ago I was able to pick my garage door
| lock with a pen cap, a bobby pin, and a youtube video. Around
| the same time I realized how locks were important as I had
| friends and family walk into my house because I wasn't
| answering the door or my phone.
|
| [1] i tried to find who said it, but it looks like there are a
| ton of variations.
| jart wrote:
| I thought it was "keeping honest people honest".
| ineedasername wrote:
| Yep, my first pick on a standard lock took fairly little time.
| If you're talking about something like a normal house door
| lock, even a beginner picker, with darkness as a cover, can get
| through without risking the sound generated by an entry through
| physical force.
|
| My view is that you choose lock cores based on how difficult
| you want it to be to pick before it makes more sense to resort
| to destructive entry.
|
| For a bike lock on the street, a few minutes of picking won't
| look much different to pedestrians than someone simply
| struggling with their own bike lock. But destructive removal is
| much more obvious. (Unless it's a physically flimsy lock, or
| even a beefy one with a simple bypass vulnerability)
| vkou wrote:
| > But destructive removal is much more obvious.
|
| It's much more obvious, but nobody is going to give two craps
| about you taking an angle grinder to someone else's bicycle
| lock. Bystanders don't want to get involved, and police don't
| pay any attention to bicycle theft.
| gnicholas wrote:
| A neighbor of mine recently posted on Nextdoor about his
| bike being stolen from the Safeway in Menlo Park.
| Apparently two men looked on from their Teslas and did
| nothing while the thief used bolt cutters to remove the
| lock. A nearby woman did go after the thief, but
| unsuccessfully. The bike was worth several thousand
| dollars.
|
| I am thinking of getting a Boosted Rev (escooter, $1,600)
| and have wondered how I would secure it when going into
| stores. It seems as if any lock under $120 can be snapped
| by 3-foot bolt cutters (and the more expensive ones can
| still be easily picked).
|
| I think I would probably get a decent u-lock and also a
| lock that makes noise and is triggered by even slight
| motion (to draw attention if someone is fiddling with it.
| intergalplan wrote:
| My experience is that the cops don't care a bit about
| thefts into the mid thousands, even if there's a high
| likelihood the culprit _and their car, probably including
| the plate_ were caught on camera multiple times. "We'll
| have your report for insurance in a week. No, we're not
| even going to make a couple phone calls to investigate."
|
| Hell, one time a small company I worked for had five
| figures of gear stolen in a break-in... and then several
| other businesses in the area did, too. Well over $100,000
| (retail) of equipment stolen by the end. Multiple cameras
| at multiple businesses caught them, including their van and
| plate number. The cops did the same, "yeah, yeah, here's
| your report, we don't care" until someone called them
| _while sitting directly behind the van in question_ and
| told them they 'd found the guys and to get off their asses
| and do something.
|
| AFAIK nothing was recovered anyway, but I think they were
| at least arrested. Yay?
|
| I honestly don't know what they do aside from give out
| traffic tickets and harass people.
| ineedasername wrote:
| That depends-- it's not a great idea to confront a thief,
| but I think there's at least a fraction of the population
| that would walk on for a bit & then call the police, and if
| there's a unit in the area it might at least take a drive-
| by. Or the thief might be unlucky and have a cop stumble on
| their effort.
|
| So, yes, destructive lock removal can still be fairly safe
| for the thief, but there is still a lot of increased risk
| if you employ a proper lock that would require an angle
| grinder, and most thieves probably don't bother to carry
| around tools like that and will simply move on to one of
| many ample opportunities for an easier target: A handheld
| compound bolt cutter will cut through inferior locks faster
| than opening with a key, so why bother bringing bulkier
| more obvious tools that increase risk even a little bit?
|
| It's not about whether your bike can be stolen: it almost
| certainly can. It's about making other targets more
| attractive.
| ModernMech wrote:
| Most people also forget that the security is vulnerable even
| before you get to the lock itself. One time I was at the beach
| with my in-laws and they locked themselves out of the beachouse
| rental. I just whipped out a credit card and slid it in the
| door jam. The door opened right up. Another time I misplaced
| the key to a storage unit in my apartment complex. I just took
| a small hacksaw and was through the thing in a couple minutes.
| The only thing it was protecting me from was people who didn't
| want to steam my stuff in the first place. Anyone with an ounce
| of determination would have been off with my stuff.
|
| And this doesn't even begin to touch on other vulnerabilities,
| like the hinges of doors being on the _outside_. Just take a
| screw driver and hammer and pop the pins out.
| phkahler wrote:
| >> Since then I've thought of locks more like deterrent than
| bulletproof security.
|
| Remember, a rock to the window will get someone into your
| house. A bolt cutter will take off small padlocks. So yes, most
| locks are there to protect from the casual or opportunistic
| thief. That doesn't mean we don't need the of course.
| tyleo wrote:
| Indeed. I've also had to bolt cut my way into a storage unit
| I forgot the combination to. Bolt cutters could be rented
| from the local Home Depot and cut my way into my own storage
| unit with no knowledge from the staff. It was my lock so no
| damage to the owners.
| bena wrote:
| Yes, my wife was really insistent on our front door being
| locked while we were inside our apartment. I pointed out to
| her that our front door was nearly top to bottom glass panes
| and if someone with ill-intent wanted to gain entry, all they
| had to do was bust a pane and unlock the door themselves.
| michael1999 wrote:
| Was she reassured?
| EricE wrote:
| >Remember, a rock to the window will get someone into your
| house.
|
| Security films that dramatically up the ante on what it takes
| to go through windows are getting cheap and easy to install.
| If I had thought about it when I got my windows tinted a few
| years back I would have just had them added on, especially
| for my downstairs windows (not sure I would bother with most
| of the upstairs - I have no trees or easy access to most of
| them).
|
| There are many simple things you can do to dramatically up
| the ante on what it takes for someone to molest your stuff. A
| recent news story talked about people using coat hangers to
| trip emergency garage door releases so a quick re-security it
| with a zip tie that will break with a solid tug for it's real
| use, but be too hard to break with a wire from outside is all
| that was needed to close that "hole".
|
| Need a place to share this kind of stuff for homeowners. I
| recon it would probably be a small percentage but still a
| large number.
| Swizec wrote:
| > Since then I've thought of locks more like deterrent than
| bulletproof security.
|
| To be fair most american houses are built such that a
| reasonably burly person could punch through the wall. I've seen
| friends leave big holes in the wall just from falling down some
| stairs. Glass windows also are easy to get through.
|
| The problem with lock-picking is that it doesn't leave signs of
| a break-in.
| OminousWeapons wrote:
| Yea at the end of the day it's all about what your threat
| model is. The strategies you use to defend against overt
| entry are not the same as the strategies you use to defend
| against covert entry (although there is overlap).
| kube-system wrote:
| I'm sure your friends have probably made holes from the
| interior drywall and into the wall cavity, but I doubt that
| hole went through the exterior sheathing or siding. The
| interior drywall is basically decorative. To get all the way
| through the wall, you're going to need a bit more than a
| punch. It could be done with basic tools, but regardless,
| breaking a window is still a quicker way inside, and most
| houses around the world have that as a weakness.
| Swizec wrote:
| You are probably correct.
|
| However I've heard fun stories from my part of Europe where
| most people live in apartment buildings and own their
| apartment. Armored doors are a popular upgrade.
|
| But nobody upgrades the thin brick wall holding that fancy
| $3000 armored door ... you can guess what started happening
| as thieves realized the doors are too difficult and a
| window on 5th floor isn't very accessible.
| foobarian wrote:
| I'm 70% sure you are hinting at thieves cutting holes in
| the wall. The 30% is for stealing the $3000 door. :)
| sizzle wrote:
| Also punching into a stud behind drywall would not end
| well...
| maxerickson wrote:
| It would suck to punch through OSB, which is the wall
| sheathing in most modern US houses.
| Scoundreller wrote:
| OSB? That would be a very expensive fix.
| knute wrote:
| There was a while in the 90s/00s when code only required
| wood sheathing on the corners, and elsewhere you could have
| just insulating foam sheathing. So if you had vinyl siding,
| someone could pretty easily break into your house with just
| box cutters.
| jschwartzi wrote:
| Use an axe or a chainsaw.
| Scoundreller wrote:
| > The problem with lock-picking is that it doesn't leave
| signs of a break-in.
|
| Sorta. Lock picking will leave marks/wear that no key would.
| So I recommend everyone try to pick their own lock today to
| make it look like someone picked it for up-to-no-good
| reasons.
| outworlder wrote:
| Do not pick any locks you intend to actually use or can't
| easily replace!
|
| Sure, some locks won't care. But there are some that can
| permanently jam pins if you don't know what you are doing
| (and, in some cases, even if you do).
| falcolas wrote:
| LPL even shows how to create one of these from a fairly
| ordinary core and some master discs.
| [deleted]
| jjbinx007 wrote:
| I was surprised to see just how easily this Master Lock key
| safes are to unlock with a bit of practice. However, when you
| consider it's not much more effort to pick the door lock anyway
| I don't suppose it matters much.
| whydoineedthis wrote:
| aaaaaaaaaand..it's sold out.
| mjs7231 wrote:
| A quick search for Lishi tools shows many sites selling them.
| At $80 each, the cost to tinker around is too high for me.
| AliExpress has what I assume to be terrible quality ones
| selling for about $40 each.
| irq wrote:
| Can you link to them? All I can find on such a search are
| identical tools for automobile locks- cannot find the tools
| for household locks he shows in the video.
| poyu wrote:
| You need to specify what model you want
|
| https://a.aliexpress.com/_msqAPWl
| jokoon wrote:
| I've read stories on reddit of people picking locks of hotel or
| motels to sleep free of charge.
|
| I'm wondering what kind of victim free stuff one can easily get
| away with by picking locks.
| lowbloodsugar wrote:
| My eldest teenager took about a day to learn how to pick these
| locks. It's just not that hard.
| timonoko wrote:
| Noticed recently that even Cheap Chinese bicycle locks are now
| "dimple" locks. People do understand now that these
| "american"-style pin locks are quite useless, as opening them is
| everyman's sport. In dimple lock the key goes in sideways, and if
| the keyway is tight enuff, you cannot make a rake to fit in. Also
| you can design the keyway so that you cannot flip them dimples
| from side channel with a "flag" pick.
| DigiDigiorno wrote:
| There are rakes and picks for dimple locks. (And I don't think
| any dimple lock has won the tolerance game on keyways for mass
| produced locks) Dimple locks are just less common. The more
| common they become and more common you'll see the rakes and
| picks made for them. Despite the flags being very easy to make
| yourself, they're uncommon enough that if you buy them from a
| pick store you pay a niche premium.
|
| I will say a product is more likely to be secure if the
| manufacturer is intentionally choosing a rarer style simply
| because they are taking security into account
| timonoko wrote:
| I found a bicycle dimple lock last week on the street. I find
| it impossible to pick open. The dimple row is so tight that
| you can fit only straight blade in, raking is impossible. I
| have been making flags, but it seems to be impossible to find
| right curved shape so that the pin is fully movable. Also I
| have made a narrow blade for my Lock Pick Gun, but all in
| vain. Soon I have to send this bloody lock to Lock Picking
| Lawyer, situation is so desperate.
| e12e wrote:
| I had to look up an example:
|
| https://youtu.be/DcZVxP6lTrE
|
| I guess I can see how they might be made to tighter tolerances
| and tighter keyways.
| snet0 wrote:
| I'm curious: do people expect mechanical locks such as these to
| continue being used in the future? 20 years? 50 years?
|
| I'm kind of imagining that at some point, someone will "solve"
| locks, and create a physical equivalent of RSA. I expect that
| mechanical solutions will be too cost-prohibitive, so is the only
| route for progress through electronic lock systems? From a few
| videos on this channel, it looks pretty dire for those, but
| perhaps the incentive isn't there yet.
| kube-system wrote:
| Yes. Locks in meat-space have always been and will always be
| deterrents. While you can't always brute-force your way through
| a math problem, you can brute-force basically any physical
| material.
| foobarian wrote:
| It's fun to point out to laypeople how insecure the mechanical
| locks are, and how easy they are to pick. But it's less often
| mentioned that this is a desirable feature; imagine bulletproof
| locks - what would the recommendation be to people who get
| locked out? What would the economic damage be across the board?
| NikolaeVarius wrote:
| You cut it
| snet0 wrote:
| I think this is kind of central to what a perfect lock
| would be. The only non-authorised access should be
| destructive.
| kube-system wrote:
| While there are some locks that attempt to do stuff like
| this (Bowley locks?), the trade off for perfection is
| cost and recoverability.
|
| This might be useful for niche use-cases or academic
| reasons, but for a commercial product, the value
| proposition doesn't make as much sense. After a certain
| point of pick/bypass resistance, adding cost to a lock
| isn't actually protecting most users from any plausible
| attacker. And is more likely to prevent the authorized
| user from gaining access in a lockout scenario than it is
| to prevent a real-world attack.
|
| In most cases where someone faces a sophisticated
| attacker that could bypass a security lock, you'd be
| better served by layering other security techniques,
| instead of putting your eggs all in one basket with the
| physical lock.
| johannes1234321 wrote:
| And in addition: the weak spot often isn't the lock but the
| window next to it, the door frame or similar. The lock
| prevents somebody from getting in by accident (I had my drunk
| neighbor once trying to get into my place at night ...) but
| the typical door and lock don't protect against somebody who
| wants to to get in. For that protection you have to pay a lot
| more
| SavantIdiot wrote:
| My dad's $2500 in-wall gun safe battery died and he couldn't
| find the key. I made a bet with him I could pick it and he
| laughed and laughed. I ordered a 7-pin tube pick of amazon, had
| it fedexed, and had the safe open in under a minute (shocked
| myself, I'm not bragging, honest). I got a fancy dinner out of
| it.
|
| Point is: there is no digital solution for this problem. It
| will always have an analog solution.
| mNovak wrote:
| Security and convenience are always a trade off. If you don't
| want the hilariously low security analog bypass, then you
| have to provide means for backup power. For an in-wall safe,
| mains power would seem reasonable.
| gnopgnip wrote:
| The Bowley lock is pretty close to a purely physical lock that
| cannot be opened non destructively without the key. Basically
| it is a warded pin tumbler lock, the pins are 180 degrees
| offset from where you put the key in, surrounded by a steel
| cylinder that needs another 180 degree bend. This combination
| of the 180 degree offset and the narrow bend really limits what
| kind of tools a lockpick can use. With the offset they can't
| insert and remove individual tools without rotating and
| retracting all of them, losing any tension or set pins. Because
| of the bend they won't be able to manipulate all the pins with
| one tool either. So a lockpick would need a tool to tension,
| and 3 or more picks to manipulate the pins. The physical
| tolerances of the lock really limits bumping, there is limited
| front to back play, so full depth cuts won't work. There are
| also the usual security measures to limit bumping and electric
| lock guns, zero lift pin, security pins.
| matteotom wrote:
| I think, fundamentally, physical locks _can't_ be solved. At
| the end of the day, given enough time, there will always be a
| physical workaround to a physical lock. Even with a "perfect"
| electronic lock, somebody could always just cut through the
| door.
|
| IMO the purpose of a lock is to either 1) slow down an attacker
| long enough for (eg) police to show up, or 2) discourage an
| attacker from breaking into _your_ house in favor of your
| neighbor's house.
| snet0 wrote:
| I think mentioning "well if the lock's too hard they'll just
| break the window" is missing a point: locks right now are
| just too _easy_. Destructive bypasses to locks, or even just
| cutting the lock into pieces, are probably a good thing,
| since it prevents the equivalent of losing your Bitcoin
| wallet. But you want the attacker to be forced to either make
| a loud mess or go elsewhere.
|
| If you didn't encrypt HTTP, you could sniff packets on the
| network, walk through the front door. If it was weakly
| encrypted, someone with some level of expertise could
| basically do the same, pick the cheap lock and walk through
| the front door. With RSA-like encryption, this avenue of
| attack is basically closed, and now the options are more like
| "try and steal this guy's laptop" or "launch MITM attacks".
| Animats wrote:
| _I think, fundamentally, physical locks _can 't_ be solved._
|
| Sure they can. Lock-picking is a search for a minima. You
| just need a design where there's no way to tell if you're
| getting closer to the right combination. That is, something
| senses the combination on the key, saves it, and then tests
| the saved info while protected from manipulation. Doing this
| cheaply and in a small package is difficult.
|
| Someone recently built such a lock and sent it to the Lock
| Picking Lawyer.[1] No results yet.
|
| One classic lock close to that was the Chubb Detector Lock.
| If any lever was pushed too high, the relocking device
| tripped and the lock would no longer open. Use the wrong key
| and you were locked out.[1] This was usually fitted with a
| second mechanism so that turning the correct key in the wrong
| direction would reset the detector. If built without the
| reset feature, pick attempts or using the wrong key would
| disable the lock permanently. This was highly secure but
| inconvenient.
|
| This is probably a solveable problem if you're willing to
| have a sizable box on the the door, like 19th century door
| locks or jail locks today. You'd want that anyway, for
| mechanical strength.
|
| [1] https://hackaday.com/2020/11/29/making-a-unpickable-lock/
|
| [2] https://youtu.be/7Q6rsbeJZMs
| ufmace wrote:
| I don't think it can be "solved" in that way. If you're going
| to have a physical lock, it needs to have a physical locking
| mechanism somewhere. If you watch lock picking youtube, you'll
| see that virtually all electronic locks sold today have
| horrendous physical security. Given the state of their physical
| security and the even more terrible state of IoT digital
| security, I doubt that the controllers of these locks are
| really secure either, though I haven't seen any reports of them
| being attacked in that way.
| mazoro wrote:
| What does the (supposedly) Chinese characters on the key say?
| jerrysievert wrote:
| likely the name of gentleman who created them?
|
| http://www.originallishi.com/about-lishi-tools/
| BugsJustFindMe wrote:
| "Your server is running PHP version 5.4.45 but WordPress
| 5.7.1 requires at least 5.6.20."
|
| That's an interesting name!
| [deleted]
| jerrysievert wrote:
| > " Today's Original Lishi tools are the brain child of Zhi
| Qin Li. These amazing tools were invented in early 2000 in
| response to the need to help his locksmith friends and his
| trainees."
|
| Note that the picture on the sets are of him as well.
| yodon wrote:
| In California, anyone selling a lock pick needs to keep the
| driver's license number of the purchaser on file and available to
| police for a year. Other state by state laws on lock picks are at
| [0].
|
| [0] https://toool.us/laws.html
| NikolaeVarius wrote:
| One of the dumbest laws on the books.
| capableweb wrote:
| King Louis XVI of France famously enjoyed both designing and
| picking various locks.
| travisjungroth wrote:
| My guess is the number of crimes that law has prevented or
| solved is very, very low.
| MeinBlutIstBlau wrote:
| They might catch the oceans 11 crew one day! Just you watch!
| yeneek wrote:
| We have no such law in Czechia. Burglars usually break locks or
| doors, it's quicker and works every time.
| aaroninsf wrote:
| Sold out atm.
| 089723645897236 wrote:
| so Lockpicking Lawyer is a badass and has way more tool time than
| me. But lockpicking is surprisingly easy. He does it precisely
| and slowly, but it can be done much more aggressively and with
| less thought. Individually manipulating the pins is great but
| turns out aggressive imprecise raking works too, especially on
| cheaper locks. Lots of techniques out there.
| yabones wrote:
| There is no such thing as a lock. There are only timers
| accelerated by skilled attackers.
|
| Same goes for encryption. Your AES-256 is great today, fine
| tomorrow, and probably broken in 10 years.
| cosmodisk wrote:
| Some time ago I did purchase a lockpick kit to play around with
| ot for a bit. The tools in the video seem to be a useful help for
| beginners,but ultimately they need to develop that intimate feel
| of where exactly the tool is in the lock and what's going on
| there. Slight slips, movements,and other indicators are very
| important to the over success of lockpicking.
| aidenn0 wrote:
| ELI 5: why do most locks not have security (spool, mushroom, &c)
| pins? Those are absolutely harder for a beginner to pick, and
| also provide a measure of security against bumping.
| cmeacham98 wrote:
| As long as a lock is harder than other easy methods of entry
| (i.e. smashing a rock through your window) it is 'good enough'.
| jstanley wrote:
| Because almost no burglaries are down to locks being picked.
|
| Even cheap locks are good enough that in most installations
| they are not the weak link.
| yeneek wrote:
| This and there is also higher probability that you will loose
| keys and picking simple lock is much cheaper.
| jstanley wrote:
| I once lost my keys and called a locksmith. He opened the
| door by reaching through the letterbox with a lever and
| turning the door handle from the inside.
| doikor wrote:
| They cost money. The less security features you put in the
| bigger the manufacturers cut.
|
| edit: And there are a lot good lock companies producing quality
| locks. They just cost like $100 (and way more for doors. A
| quality abloy lockbody and the stuff on the frame is like $300+
| without work) for a lock while a cheap one costs like $5.
| Though expensive does not mean good some are just scams so be
| careful/read up on what you are buying.
|
| And still even these good ones are pickable just require
| hundreds or thousands of hours (and specialized tools) to
| become good enough to do it reliably instead of 5 minutes.
|
| And for doors once you put a quality lock on it you need a
| skilled worker to properly install both the lock and the door.
| Look up some physical pen testing videos online how shitty
| installs the worlds is full of. Basically you can get in
| through so many doors with a small piece of scrap plastic.
|
| Also once you get a really good lock a locksmith (or pretty
| much anyone for that matter) will not be able to pick it. So if
| you lose your keys it will have to be broken and then you are
| out your expensive $100+ lock.
| Kirby64 wrote:
| Because an angle grinder/die grinder works equally well on a
| very expensive pick resistant lock as it does on a cheapo
| master lock. Even cheap master locks have reasonably sturdy
| shackles. The only exception to that, I guess, is truly cheap
| stuff that bolt cutters work just fine.
|
| Why bother? There's no skill to angle grinding off a lock
| shackle, literally anyone can do it.
| gmiller123456 wrote:
| Really a cost/benefit thing. Yes, it does make it harder, but
| not really so much harder that it's going to keep a significant
| number of people out. If they were more popular in practice,
| more people would learn to pick them. They also make the lock
| more prone to jam, and not as smooth.
___________________________________________________________________
(page generated 2021-05-03 23:01 UTC)