One of the more striking points of this article (for me) was not so much about lockpicking. It was this statement:
"Some lockpickers observe a code of responsible disclosure
by providing manufacturers information on weaknesses they
discover in locks they defeat -- just like responsible computer
hackers do when they detect security flaws in software."
I'm thrilled to see a statement like this coming from the mainstream media.
I'm surprised there are not more digitally controlled locks on the market - something that has an embedded microcontroller that releases a solenoid if the right code is entered.
What's a locksmith hacker to do with such a lock? There's no keyhole to use a diamond pick and so its basically a metal brick. I don't see too many ways to open it without destroying it physically.
Maybe I'm missing the big picture, but a traditional keyed lock seems about as high-tech as an ancient model-T car. It's completely out of place given the latest technology available today.
The big problem with digital and electronic locks in general is maintaining the power source. Mechanical locks have extremely low maintenance requirements, and could be left unattended for months or years without issue. Even if they then stick, a quick shot of WD40 will usually allow entry.
Electronics, on hte other hand, rely either on external power, or some sort of internal battery. A battery is ill-suited to heavy duty-cycling when the lock will be opened/closed regularly, and an external source is potentially subject to tampering.
There do exist many electronic locks, typically for fairly low-security shared access doors, or where various additional requirements make them more suited (such as easily rekeyable card-locks for hotel rooms)
Electronic locks on the whole don't magically ensure security, and open up a whole new set of attack surfaces, whereas mechanical locks have been around for centuries, and have well-defined failure/exploitation modes.
Back in shop class, I build a cabinet with an electronic lock. I had the presence of mind to include a hidden bypass wire and link for an external power source, but years later when I needed to open the cabinet, the electronics didn't work.
That's really the only thing I've learned about electronics. Avoid reliance.
Problem, yes. Engineering problem to solve. The real issue is that these companies don't feel they need to innovate much, and so we're still stuck with technologies invented in the 19th century.
Handwaving at a problem and declaring it's just an "engineering problem" doesn't actually do anything to solve it... hey, wait, are you my manager?
The power problem is actually a big deal and shouldn't be minimized. Take the hotel situation; what happens when the hotel loses power? You can't have the locks fail closed, you end up with people trapped away from their stuff. Failing open is of course a bit of a problem, too. Locks by their nature tend to congregate around things that are actually important so you actually have some serious problems with a lock that is "down" even five minutes a year.
I'm hand-waving at it because this industry has had 40-50 years of high technology at its beck and call and has done little or nothing with it. This is an engineering problem, and making excuses for them ("Failing open is of course a bit of a problem, too") does not change the reality. They have failed to innovate, and the world is going to pay for that. The power problem? So don't use traditional power: experiment with something else. Try. They've had half a century, at least. If that industry had tried at all, it would've come up with more than this.
You deny my point, then just go on to reinforce it. The lock industry should just create a new magical power source? You just moved around the "mere engineering problem" label but if anything you've made your problem worse by being more clear about what you want to have magicked into existence, not better.
Non-destructive lockpicking is a sport these days; burglars would use bumping or other destructive technique like crowbar (with a much shorter path to success) since they won't care about the clean result. Maybe only relevant for spies/intelligence/other areas where you need to hide the fact that the lock has been picked.
And the fact that weak lock mechanisms are publicized encourages manufacturers to invent, it's all good.
I'm sorry, but this isn't completely true. (The part about burglars not using lock picks).
I am an amatuer locksmith, and I can open Masterlock No. 3 or No. 5 (which are used everywhere) incredibly quickly (less than 10 seconds, typically [especially on No. 5, which are horrible).
A half diamond pick and a torsion wrench are tiny, I can keep them in my pocket and nobody will ever notice... I can't do this with a huge bolt cutter.
Now, do I steal things? Absolutely not. Has getting into picking caused me to be much much more careful about what I lock up, where, and with what? definitely.
I'm all for locksports, I think the fact that people are getting into picking is awesome, but the idea that using a bolt cutter against a padlock is faster and more conveinient than using a pick is just plain wrong.
I remember first seeing the MIT guide and it sparked my interest, however I didn't want to make homemade picks. Can you recommend a good lock pick set?
I'm really the wrong person to ask; this is something I play with on my desk while I'm thinking through a problem and I'm sure the picks I have would be considered trash by a real locksmith.
That said, the first set I had (which I loved) were things I made myself. After those got ruined by people coming into my office and squealing "LEMME TRY" which resulting in them bending them to the point of uselessness, I bought a set at a "spy" store in Phoenix; they seem to work just fine for my purposes.
Honestly, I wouldn't get too caught up in buying "nice" picks. They're incredibly simple tools and I doubt that you're going to notice any difference between a good set and a cheap set if you're doing what I'm doing.
I have this set [1]. Though mine has a plastic handle so it was about half the price listed there. It's a nice set, quite small and very pocketable.
There's something deeply satisfying about picking locks, hearing each pin tick and feeling the barrel give just a little bit more than the last time you torqued it. I love it.
Ha! YES! That little snapping feeling. I still remember getting my first lock, :). I was on the phone with a friend and just raking the crap out of it until finally POP.
I don't see anywhere that you're refuting the idea that burglars won't use lockpicks, instead of messier but much simpler-to-learn entry methods.
I'm a decent hand with a lockpick myself, but when I had to get into my house with-the-keys-(and-my-picks)-locked-inside in a hurry last year, I put a rock through the window least expensive to replace. Took less than a minute, and no practice time at all.
Locks keep honest people honest; barring the set of people willing to open an unlocked door, but not put a rock through a window. In a normal home, the best you can hope for from someone willing to use the rock is intrusion detection.
There are lots of things that are secured with a padlock only.
Say a burglar is trying to break into the shed in my backyard because he wants the tools in it.
He could:
* Bring a heavy, obvious bolt-cutter and cut the lock.
* Bring a sledghehammer and smash the lock off of the door
* Use the same sledge to break a hole in the side of the shed
* Battery operated angle-grinder
orrrr
He could bring a pick and a torsion wrench, make no noise at all, not look at all suspicious to my neighbors, have the lock off in the same amount of time as he would with any of the methods above (faster, in some cases), and leave no traces, meaning I won't even know anything is gone until I go out to the shed again.
What would you do? If I was the thieving type, I would choose a lock pick.
Your reasoning is sound, but the fact is, lock-picking thieves are nearly nonexistent in reality. I suppose it's something to do with the mentality of people who are willing to take the easy way out, regardless of ethics. But, whatever the reason, lock-picking abuse is incredibly rare.
I believe that repeated bumping can lead to damage of the tumbler pins and surround, since you're having to impart enough energy into them to force them to jump against their spring in order to make the procedure work.
Wikipedia notes that hardened steel tumblers are more susceptible to this mode of attack due to them being able to take more force without becoming deformed (which seems plausible, although I don't have any authoritative source)
Bumping can leave distinctive grooves inside the barrel and on the pins that a normal key wouldn't. They may consider these traces to be destructive even though the lock remains operational.
"Some lockpickers observe a code of responsible disclosure by providing manufacturers information on weaknesses they discover in locks they defeat -- just like responsible computer hackers do when they detect security flaws in software."
I'm thrilled to see a statement like this coming from the mainstream media.