Lockpicking Competitions in the 1850s

Interesting history.

Posted on June 2, 2016 at 2:20 PM • 9 Comments


Remus June 2, 2016 3:33 PM

It looks like an interesting article. Unfortunately access to it is "restricted."

TatütataJune 2, 2016 4:44 PM

Remus: Try the online services of your local, national or university library.

I readily found it in two separate libraries I have a card for, in two countries. Too bad I can't share it. Whatever the flaws of lock-picking contests, some still hoped that the competitive pressure they engendered would lead rival locksmiths to pre-empt advances in criminal techniques, and thus prompt improvements in security product design.

It is indeed about the 1850s, in the era of Chubb, and not of Feynman. (He had something of a reputation of a lock-picker at Los Alamos, but he explained that it wasn't that difficult).

No mention of zero-day exploits in the paper. No record either of Mycroft (Sherlock's older brother) systematically weakening everybody's locks in the name of Her Majesty and the Defense of the Realm.

Remus June 2, 2016 5:01 PM

Tatütata, thanks for the suggestion. Neither my current university nor my public library are subscribers, but after reading your comment, I tried those for a university I attended 30 years ago -- they worked.

Clive RobinsonJune 3, 2016 5:05 AM

@ K15,

Please explain how security works?

You did not ask which sort of security... Which makes the answer harder to understand.

At it's lowest level security is about "correct functioning of a system when transitioning it's states". All systems exist in states and are designed to move from one desired state to another desired state under a set of rules of operation, that is the transition is also a state. Providing all the states are known correctly and all the rules correctly specified and implemented then the system will always be correctly functioning.

The problem with this is two fold, the first is that knowing all the states even in the simplest of systems is effectively impossible, the second is that as the number of rules increase so does the number of states.

So in effect security is a game of trying to find faults in a system, most frequently these faults are to be found in the transition states, which has not be correctly understood and thus specified.

As the thread is about lock picking, which is physical security, as an example consider the split pin in the barrel and body of a lock, on which the correct functioning of the lock depends.

As the pin is operated by the insertion of the key it moves against the preasure of the key and the preasure of the spring pushing the pin into the tumbler. At a given hight the split in the pin is at the transition between the barrel and the body of the lock. The assumption is that only with the correct key will the five or more pins in the barrel be at the correct position that all their splits align with the barrel / body transition and therefore the barrel can turn activating the latch etc.

The first thing you notice on examinimg locks of this type is that different metals are used for the pins and the body and barrel. The reason for this is a mixture of cost and reliability in many environments. A consequence of this is if the lock is over engineered it will "bind" up due to thermal and dirt issues. To prevent this the design has larger tolorences or "slop" to overcome the binding issue. The problem with the slop is it is, what enables the lock to be picked or profiled thus opened by others without access to the correct key.

To try to prevent picking and profiling various tricks have been tried over the years including puting "mushroom heads" on the faces of the pin split. The result is attackers look for new avenues of attack and generaly find them.

Unfortunately lock makers have an issue with the pins they can not get around which is the laws of physics. You have probably seen an executive desk toy called a "Newton's cradle" where five heavy hard balls are suspended by pairs of threads. Where if you swing a ball up at one end and let go it swings back into the other balls and as if by magic the ball at the other end jumps off and compleates the swing and comes back thus the two end balls behave like a pendulum.

Well the science behind Newton's cradle is what alows the pins in a lock to be "bumped" that is if you put in a correctly profiled key and hit it with the correct force the tops of the split pins will jump up against the springs and move into the body of the lock whilst the bottoms of the pins will remain in the barrel which means for a very short period of time the effect is that all the pins are split in a manner that alows the barrel to be turned. With practice people can get the timing right with just a few bumps and thus open the lock.

The way to reduce the susceptabilty of a lock to bumping is by designing the lock in such a way that applying sufficient force to the split pins is to difficult to do. That is you close the slop in the Newton state down making the transition state it occurrs in --hopefully-- to slim to exploit. But this introduces other problems, which possibly open other attack routes, even if it is just a "Denial of Service" on the lock, causing other security measures to be changed untill it is repaired.

I hope that helps give you an idea of why security is both interesting and hard.

Slime Mold with MustardJune 3, 2016 4:34 PM

@Clive Robinson

"Bump" keys are always cut to the maximum depth. See page 4 here . The key must, of course, be from the lock's manufacturer. You would be surprised how many hardware store employees will hand you a blank without question. An actual locksmith never would.

MikeJune 3, 2016 7:36 PM

Good Evening,

Am astounded of the relationship between you and IBM.

Mainly, I'm curious on how you maintain your integrity in the context of working for IBM.



Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.