Comments

GorbagApril 27, 2015 2:23 PM

As a locksport enthusiast, the main problems I see with locks are pricepoint and ignorance. The cheapest locks sell the best, and wind up being omnipresent. They also do little beyond keeping honest peopke from temptation.

JaysonApril 27, 2015 4:18 PM

@Gorbag
The price of security is more than just the lock. One could spend more on a lock, but then would have to upgrade the door and door frame as the lock could just be ignored. Then it would be time to move on to the back door, then windows, etc.

The same applies elsewhere, bike locks are extremely easy to pick, but it's faster to just cut the cables. The lock is just symbolic.

PatApril 27, 2015 6:26 PM

@Fred P

Thanks for the link.

"Bruce noted that a decade ago"

Which is exactly why it should be mentioned again for the benefit of more recent blog readers.

Carl 'SAI' MitchellApril 27, 2015 6:26 PM

A few months ago my apartment's deadbolt lock broke. It was stuck closed, and couldn't be opened. It was 11PM on a Sunday night. The super was out of town for the weekend. So I notified my landlord and then kicked in the door.

It took one kick near the locking mechanism. Not even a particularly hard one, though I am a trained martial artist so it was probably stronger than average. The door is solid oak.

No one in any of the other apartments in the hallway peeked out to investigate.

Locks aren't going to stop anyone serious about getting in. At best they'll slow them down, or provide extra evidence of a break-in.

Jonathan WilsonApril 27, 2015 6:28 PM

I would be willing to bet that 99% of the locks on the market relying on purely physical keys for security (including all those combination and electronic locks that have physical keys as backup) can be defeated even without the attacker ever seeing the key. If the attacker has any kind of access to the key (or even a decent photograph of it) they can almost certainly replicate it, even if its a super-high-security restricted key.

Jonathan WilsonApril 27, 2015 6:41 PM

Oh and the other problem with locks is that in many cases (high-rise apartments opening into an internal corridor) there are often building and fire codes that restrict what sort of door and lock can be fitted (usually in the name of fire safety and ability to escape in an emergency), preventing you from installing security screen doors, high-security steel doors and high strength locks. Or you may have developers or homeowner associations restricting what you can install (security screens in particular may be banned)

Nick PApril 27, 2015 7:14 PM

Nice article. Here's a great Black Hat presentation on the topic that talks the issues and recommends some locks. I found a few new ones I'd never heard of at the end.

Nick PApril 27, 2015 7:20 PM

EDIT to ADD: Forgot to add that I loved the usability and security of this combination lock. I remember irritation when first discovering such locks at trying to remember how many times to spin in each direction, etc. Entering the combination is straightforward on this one. There is an extra step or two, but it's conceptually simple. Room for improvement there. (i.e. lock opens as soon as combination is entered)

Anonymous 1April 28, 2015 3:31 AM

The really high security locks nowadays are magnetic. With different magnetic 'strength' tolerances throughout the lock they're exceptionally difficult (and haven't been defeated yet) to manipulate.

They're also very expensive so unless you've got a very good door (that can't be easily kicked in) they're probably not worth the money considering you have a backdoor, windows or walls/roofs to enter through if the burglar is very determined.

Clive RobinsonApril 28, 2015 7:46 AM

@ Nick P,

I remember irritation when first discovering such [combination] locks at trying to remember how many times to spin in each direction, etc.

The thing that most people do not realise about "spin dial" mechanical combination locks is that due to the standard design there are actually two combinations that open it... and with a little thought and some knowledge of the combination wheels you can calculate one from the other...

(If anyone needs an explanation as to why I can tell you but it's quite long winded).

WaelApril 28, 2015 8:16 AM

@Clive Robinson,

(If anyone needs an explanation as to why I can tell you but it's quite long winded).

I do! "long winded" coming from you can be an epic. Will be interesting, nonetheless :)

Markus OttelaApril 28, 2015 3:13 PM

Here in Finland nearly every house has an Abloy lock. With 4k burglaries annually, the cases where an Abloy lock has been picked is AFAIK, one. In that case, the lock was an older Abloy classic lock where the first tumbler does not rotate freely. Due to this flaw, it was possible for the expert lock picker to open the lock with a tool called vempele. The modern classic doesn't have this problem. Disc detainer (tumbler) locks do not use springs, and they also can not be bumped.

I found a video where a classic is picked. I'm pretty sure it's the older Abloy Classic as the tool he's using looks a lot like vempele.

Regardless, the 16 year old Exec has never been picked, nor have Sentry, Protec or Protec2. Note that they can still be drilled.

Also, regarding competitive disk detainer locks, Abus, OnGuard and Kryptonite are crap. Don't buy that faeces.

GorbagApril 28, 2015 3:55 PM

Abloys, while great at being highly resistant to picking, have a serious design defect. You can exploit that defect with a properly sized bolt and a hammer, dumping the disc pack:https://m.youtube.com/#/watch?v=4tc8LJiBuOc

Markus OttelaApril 28, 2015 4:24 PM

@ Gorbag

True; I've broken a couple of Abloy Sento/Exec/similar with dynamic entry kit (all legal of course). In the case of Abloy padlocks though, there is no room for the disks and washers to sink in. For every lock, there's a destructive way in.

anonymousApril 28, 2015 6:05 PM

Clive Robinson • April 28, 2015 7:46 AM

The thing that most people do not realise about "spin dial" mechanical combination locks is that due to the standard design there are actually two combinations that open it... and with a little thought and some knowledge of the combination wheels you can calculate one from the other...

(If anyone needs an explanation as to why I can tell you but it's quite long winded).


In other combination-lock news today...

http://arstechnica.com/security/2015/04/28/how-to-crack-any-master-lock-combination-in-8-tries-or-less/

How To Crack Any Master Lock Combination In Eight Tries Or Less

Gymnasium locker rooms may never be secure again, thanks to quick and easy hack.
by Dan Goodin - Apr 28, 2015 3:32pm MDT

There's a vulnerability in Master Lock branded padlocks that allows anyone to learn the combination in eight or fewer tries, a process that requires less than two minutes and a minimal amount of skill to carry out.

The exploit involves lifting up a locked shackle with one hand while turning the combination dial counterclockwise starting at the number 0 with the other. Before the dial reaches 11, there will be three points where the dial will resist being turned anymore. One of them will be ignored as it is exactly between two whole numbers on the dial. The remaining two locations represent locked positions. Next, an attacker again lifts the locked shackle, this time with less force, while turning the dial clockwise. At some point before a full revolution is completed, the dial will resist being turned. (An attacker can still turn through it but will physically feel the resistance.) This location represents the resistance location. The two locked positions and the one resistance position are then recorded on a Web page that streamlines the exploit. . . .

PeanutsApril 28, 2015 10:50 PM

@ anonymous
"Are then recorded on a webpage that streamlines the exploit" ... and forwards the report with address GPS location and combination to agency ready for further exploitation

NathanaelApril 29, 2015 12:07 PM

Locks are designed to deter pilfering by the easily tempted. Not to deter serious burglary; for that, you use vaults.

sideshowbobApril 29, 2015 12:29 PM

Great read. Although almost every padlock that I have ever seen can be easily defeated with a pair of bolt cutters.

FrasierMay 17, 2015 6:36 AM

Although Abloy locks are good, there is an alleged flaw with Abloy locks making it possible to make master keys. A retired locksmith here in Finland has been banned by the court (on the request of Abloy) from sharing the details with a 500 000 € penalty if he does. Security by obscurity?

(http://www.ts.fi/uutiset/kotimaa/481141/Oikeus+Abloylukkojen+murtoriskista+vaiettava for more details, in Finnish).

HuxleypigJanuary 9, 2016 3:21 PM

That video of the Abloy Classic being picked is mine and it is a new Abloy Classic camlock. My tool tensions from the rear. not the front (like the Vempele).

Sentry, Protec and Protec 2 have all been comprimised non-destructively.

TimNJanuary 25, 2016 10:43 PM

Bruce,

Thanks so much for the pointer to this important milestone in lock history.

I would like to suggest that no discussion of the 1851 London Expo can be considered complete without mention of the
Aubin Trophy Lock - a spectacular, hand-crafted tribute to lock and key innovation built for the 1851 Expo by Charles Aubin.

Looking like a shiny brass wedding cake, it contains 44 interconnected locks arranged in 3 layers, each lock representing a specific patent or manufacturing innovation. Each lock contains a matching key and can be operated independently -- or using the large Bramah key at the crown, all 44 locks can be operated synchronously.

The "lock" is brought out for public viewing once per year.To see the lock being operated, see this video.

Had it not been for the the "Great Lock Controversy" detailed in the link you provided, Aubin would likely have gotten much more credit for this feat of hand-crafted engineering.

For more images of the Aubin Trophy Lock, see Google Images




A hexagonal base supports a central column about 36 inches high. Three circular platforms are horizontally attached to the column at different heights. Each of the vertical faces of the base contains a lock operated by its own key (nos. 38 - 43 in the list of locks). Each circular platform contains a number of locks, 16 on the lowest, 12 on the next and 9 on the top. At the top of the central column is a Bramah lock (no. 44), the crowning glory!



The locks on each platform are arranged so that their bolts shoot outwards or radially away from the axis of the machine. Every lock has its own correct key inserted in the keyhole and attached to the key pin. Since the locks are placed horizontally, the shaft of each key is vertical. Within each of the platforms and the central column is a delicate mechanism of levers, racks and pinions. These are linked to the barrel of the Bramah lock. Operation of this by its key causes horizontal rotation and rotary movement of the vertical rod inside the centre column. At each platform level this rod operates on the racks and pinions and these in turn, act upon the key pins in each lock. Turning the Bramah Key causes all of the key pins and keys to rotate, thus moving all the individual lock bolts simultaneously. Depending on the direction in which the Bramah key is turned, the lock bolts are either thrown or withdrawn.



Each of the forty-four locks is a faithful reproduction of the several patents or mode of construction to which they refer. The lock cases are ‘cut-away’ to provide a view of the principle in each design.


For vintage lock collectors, the Aubin Trophy is the Unobtainable Holy Grail. A one of a kind item that literally demonstrates the state of the art at the time it was created. Imagine what the same creation, built with today's state of the art technology would look like.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.