From dplatt@teknowledge-vaxc.arpa (Dave Platt)  30-Sep-1987 13:15:30
Subj:	[3885]  Master keys

    It strikes me that most of the metal that my key is composed of is
    only there to stop me opening other doors rather than to allow
    me to open my own! Does this mean that the key to my door is
    very much more simple than it looks?

Probably not.  If your door's lock mechanism is built along the usual
master-key lines, then it has as many pins as a non-master-keyed lock
of similar manufacture.  The pins, however, are designed somewhat
differently.

Familiar with the construction of a standard pin lock?  The top half
looks a bit like this, in cross-section:
 
	-------------------------------------
	|            @  @  @  @  @          |   @ = small spring
	|            @  @  @  @  @          |   # = upper half of pin
	|            #  #  #  #  #          |   % = lower half of pin
	|____________#__#__#__#__#__________|   _ = cylinder wall
	|            #  #  #  #  #          |
	|            #  #  #  %  #          |
	|            #  %  #  %  %          |
	|------------%--%--%--%--%----------|
                     %  %  %  %  %          |
  keyway ->          %  %  %  %  %          |
                     %  %  %  %  %          |
	|-----------------------------------|

When you insert your key in the keyway, it pushes the bottom halves
of the pins upwards, thus pushing the upper halves of the pins upwards
and compressing the springs.  If the notches on your key are each of
the correct height, then the pins will all come to rest with the
top-half/bottom-half line lying just at the cylinder wall.  This will
free the cylinder to rotate, and operate the bolt or latch.  If any
of the key notches is too high or too low, then the top-half/bottom-half
line on its corresponding pin will lie either above or below the cylinder
wall, and one of the two halves of the pin will prevent the cylinder
from rotating.

A master-keyed lock works in very much the same way, except that the
pins come in three parts, not two.  The cylinder will be able to turn
freely if each pin lies in either of two possible positions;  either
the top-section/middle-section line must lie at the cylinder wall,
or the middle-section/bottom-section must lie at the cylinder wall.

From your description (your key has more metal than the master key),
it sounds as if your key is designed to make the pins line up along
the middle-section/bottom-section line, and the master key lines them
up along the top-section/middle-section line.  This would indicate
that the (bottom-section length + middle-section length) for each
pin is the same for all of the locks on that particular master-key
system, but that the actual lengths of the bottom and middle sections
differ between the locks.

    Are these systems safe (It seems to me that taking a file to my key
    would allow it to open other doors!) enough?

Depends what you mean by "safe enough".  They're certainly less secure,
as there are obviously two different keys that can open the lock.  Worse
yet, there are probably even more than that: since each pin can be operated
in either of two different positions, there are 2^(#-of-pins) different
notch combinations that can operate the lock, out of M^(#-of-pins)
possible notch combinations (where M is the number of different depths
to which a notch can be cut).  I imagine that these locks might also be
a bit easier to pick than a non-master-keyed system.

And, yes, if you were to take an impression of the master key, and
simply file down your key until it matched, then you'd probably have
a key that would open your door and many others as well.

If you have material that you really want kept secure, I'd suggest locking
it up in a secure cabinet, using a difficult-to-pick padlock which
is not master-keyed and to which you have the only key(s).

From msmith@topaz.rutgers.edu (Mark Robert Smith)  30-Sep-1987 13:19:09
Subj:	[1710]  locks

My adolescent curiosity got the best of me in high school on a similar
situation.  One day, I showed up early for a play rehearsal, and found
the door to the drama room locked.  Someone else was there and in
jest, I decided to try my keys to see if they'd work.  Lo and behold,
my home back-door key opened the door.  I then tried the rest of the
building and found to my amazement that the key opened about 3/4 of
the doors to the building.  As a matter of fact, I could get into just
about any room but the science labs.
    The technical explanation for this is that the school had 6-pin
Falcon locks, and I had a 5-pin Kwikset standard house door lock.  The
inner 5 pins of my key were very close to the inner 5 pins of the
master (I eventually saw it after a long explanation to the
Vice-Principal) and the little notch to make the key go in smoothly
was the same height as the 6th pin on the master.  Thus, the lock
"thought" that my key was the master.
    Eventually someone stole all of the keys to the building and hid
them in the main office ceiling (they didn't find them for 18 months)
and the whole building was re-keyed, to a much better system.

To answer the question posed by the original poster, I would say that
the locksmith who keyed his building did a bad job.  The master should
have some pins higher than most, some lower.  It sounds like your
master has all pins lower than the individual keys.  Therefore, yes,
you should be able to file your key down to the master and use it for
everything.

Smitty
-- 
Mark Smith (alias Smitty)
msmith@topaz.rutgers.edu

From *Hobbit* <AWalker@RED.RUTGERS.EDU>   2-Oct-1987 17:57:31
Subj:	[2449]  master keys

Ah, finally someone *else* talks about locks...

Master key systems can be done correctly or done stupidly.  Normally
[i.e. correctly] the cut heights for the master are mixed as to whether
they're above or below the cut heights for the non-master key[s], and 
placed a sufficient distance away so that there's no possibility of
placing pins at the master position by wiggling the slave key or inserting
it to funny places.  Often mastered systems use very thin splits [the little
wafer inserts between the pin and the driver that allow the lock to open
at different cut heights] which can jam or fall out of the cylinder.

If the maid's key cuts were all lower than the cuts on your office key,
then the system was done stupidly, and you could generate a master by
cutting your key down to the master level.  [You can determine the master
level by taking your office lock apart and loading in just the master
pins/splits as a template.]  I suspect that there are quite a few systems
out there that are done this way.  Suspect this if all the slave keys look
like they don't have too many low cuts in them.

Sometimes odd-shaped drivers called mushroom drivers are used in heavily
mastered systems, in an attempt to make them harder to pick.  These will
allow the plug to cock over a little bit during picking but with the
given pin in the wrong position, so that additional fiddling has to be done
to get it to the right position.   Some older Russwins use ball bearings in
place of rounded pin ends to reduce wear in heavily-used locks.  [If you take
your lock apart, of course, keep very close track of where everything went,
or it obviously won't work anymore...]  To disable the master position and
only allow your office key to work the lock, you'd normally have to obtain
different pins of the right heights.  You might get lucky, however, and
find two pins whose mastering parts could be swapped, changing the master
height there but leaving the slave height.  Then the maids couldn't get in
but you could.

I suspect that there are quite a few of us that majored in locksmithing
in high school, and were dearly loved by the deans.  If only I had had the
presence of mind back then to explain to them how locks are perceived as
little puzzles to take apart and solve, not as something standing in the
way of theft.

_H*

From Jeffrey R Kell <JEFF%UTCVM.BITNET@wiscvm.wisc.edu>   5-Oct-1987 14:27:58
Subj:	[444]  Re: Master keys

Not to mention the MASTER-master-key of most large-scale lock systems;
if you watch them 'change' locks, a special little 'key' is inserted,
turned, and THE WHOLE CYLINDER comes out of the door.  'BEST' (company)
locksets work this way (a common supplier of large-scale locksets).

/Jeff/

From jmturn%ringwld.UUCP@CCA.CCA.COM   8-Oct-1987 14:21:37
Subj:	[1435]  Re: master keys

Back when I worked for LMI, I had occasion to assist one of our
resident amateur locksmiths in rekeying a lock. The basic goal
was to create a secure door for the video room, which would open
to my key, and no one else's. LMI used the standard system where
your office key was also the front door key. This is a variant on
the concept of a master key. Rather than one key opens many
locks, this is one lock with many keys. Obviously, you can't use
the split-pin idea to make that work, you'd need an almost
infinite number of sections in a large building. Instead, the
lock only has some subset of the total number of pins (3 pins in
a 5 pin system, for example). This makes for an interesting trade
off. By definition, all the keys must share a certain number of
common pins. 

Therefore, there is a trade-off. The more pins they share in
common (and thus, the more pins on the outside lock), the more
secure the outside door is. On the other hand, the less unique
pins between keys, the easier it is to gimmick someone else's lock
given you have a key.

It was VERY easy to gimmick LMI locks...

                           Save Your Vertical Blanking Intervals 
                           for Big Cash Prizes!

                           James Turner
                           (The Ringworld Engineer)

From obrien@aerospace.aero.org  12-Oct-1987 15:16:40
Subj:	[2458]  Re: Master/sub-master keying systems

	OK, here's the poop on master/grandmaster systems, from one who
was at one time a bonded locksmith.

	Master/grandmaster systems should not be used unless absolutely
necessary.  It's like the difference between a system that has a root
password and one that doesn't.  However, since these are physical
systems, the mere existence of the "root password" actually weakens
the rest of the security system.

	Yes, those folks who note the existence of several "splits"
in a single pin are correct.  That's how the trick is worked.  However,
note that lock pins are not very large.  There is a limit to how close
splits can be made, as these mean very thin disks of metal between
the splits.  These disks wind up riding around the cylinder wall
every time either key is used; sometimes on the inside and sometimes
on the outside, depending on which break is used.

	It can sometimes happen that a disk which is too thin will turn
sideways in the chamber.  Result: lock-out.

	In addition, the more splits there are in a lock, the easier
it is to pick, for reasons I won't bother with here.

	Now to the question of keys.  Remember that a key is just a
long metal blade.  The deeper the key is cut, the thinner the blade.
The thinner the blade, the more likely it is to break off in a
recalcitrant lock.  Result: lock-out.  The answer is then that most
keys should be of the thick variety, since the sheer number of key-uses
is far larger than the total number of grand-master uses, even if the
grand-master is in constant use.  So, individual keys get the higher
cuts.

	Of course, you could argue, you could arrange the grandmaster
such that some cuts are very high and some are very low.  Indeed this
is sometimes done, but there are two reasons against it: 1) A low cut
in the middle results in a weakened key: it has a "thin spot" and can
break.  2) In general, for all keys, there is (or should be!) a limit
on the maximum "jump" in height from one cut to the next.  Remember,
as the key goes in and out of the lock, the pins have to ride up and
down.  Too great a difference between one cut and the next results in
a very steep "roller-coaster" ride for the pins.  Unless they are very
well-lubricated, this can result in a stuck key.  Result: lock-out.

	Hope this settles the hash of this question!

Mike O'Brien

From NESCC%NERVM.BITNET@wiscvm.wisc.edu (Scott C Crumpton)  15-Oct-1987 13:33:00
Subj:	[1846]  re: Master keys

There is a very simple reason why master keys tend to have less metal on
them than the non-master keys.  It's easier to make them that way.

Let's take a simple example: A lock that will have one standard key and
one master.  To key it you start with an empty cylinder (no pins in it
yet), the regular key, and the master (with less metal than the regular
key).  Place the regular key in the cylinder and try different length
bottom pin segments in each position until each position contains one
bottom segment that is exactly the right length to be flush with the
edge of the cylinder.  Remove the regular key and insert the master.
All of the pin segments will now be too short.  Add middle (mastering)
segments, 1 each, in each position until their tops are again flush.
Now insert the cylinder into the lock using the proper tools.  The top
pins in the lock are all the same length, no changes in these pins are
made.  Done.

Notice that this is basically a trial and error process.  If the master
key has less metal than the regular key(s) it can be done in a single
pass.  If however, the master has more metal in one or more positions,
several passes will be required.

In a major job with many locks and several levels of mastering, the
problem of a sparse master should never occur (unless the locksmith is
either lazy or incompetent).  Such jobs require significant planning and
all of the necessary pin segment lengths can be determined in advance.
Keying the locks is then a simple matter of dropping in the right pin
segments in the right order.  It is not even necessary to have the keys
cut yet.

Please note that I am not a locksmith, only an interested observer.

---Scott.

From jcmorris@mitre-bedford.ARPA (Joseph C. Morris)   6-Oct-1987 18:26:33
Subj:	[1029]  Re: master keys

Several years ago there was a report that MIT had been hit with numerous
breakins (some versions say the intent was pranks, not burglary) which 
had been accomplished with keys which opened various locked offices.
According to the reports (more accurately: rumors) going around the Institute
the keys were manufactured by students who had removed the door locks from
the bathrooms in the main MIT building (that's buildings 1 through 10) and
had disassembled them to find the common pin breaks.  All they had to do 
then was to file a key which aligned the common breaks with the cylinder
radius; since the locks represented doors from all parts of the building
(despite the range of numbers it's one structure) they had a master for
almost every door.

Except for buildings in which the bathrooms are routinely locked, who would
notice that the doors were missing the lock cylinder?

From Jeffrey R Kell <JEFF%UTCVM.BITNET@wiscvm.wisc.edu>  28-Oct-1987 08:56:29
Subj:	[1514]  Re: Master/sub-master keying systems

One more lock note:  one of my first real paying jobs was as a bellman
(read: Flunkie) at a local franchise hotel.  They had just over 250 rooms,
plus assorted locked service areas (housekeeping, maintenance, storage,
etc).  Although not a real bona fide locksmith, one of my tasks was to
cut keys once a week, as plenty of people don't leave their keys when
they check out.  All the real keys are kept in a locked cabinet behind
the front desk (including masters) and all keys given to guests are just
copies.  There were three key blanks:  two for guest rooms (divided in
half by floors, there were two systems) and one for maintenance areas.

The maintenance areas were not on a master system at all (somewhat
obviously).

The rooms had (1) the "maid" key which was a straightforward master cut
from the regular room blank, and (2) the "security" master which was
identical to the "maid" key except that it had one additional pin; in
order to duplicate the "security" master (which you weren't supposed to
do, but you get tired of signing keys in/out to do room checks) you had
to cut the room master back one additional tumbler location and extend
the horizontal grooves back through the extra space.

The "security" master would open the deadbolt!

I've always felt safer with a chain or doorstop than a deadbolt ever since.

/Jeff/

From *Hobbit* <AWalker@RED.RUTGERS.EDU>  28-Oct-1987 17:03:33
Subj:	[1462]  mastered systems

Creating master keys is *not* a trial-and-error process.  A correctly
configured system never sees brass until it's all planned out as a huge
chart of cut numbers, or actual thousandth-inch measurements.  All the
cuts conform to the basic common-sense rules of keying, like cuts must
be a certain minimum distance apart so you don't get the tiny-split-fell-out
screw, and the user keys don't have low cuts near the bow, and the master
cuts aren't necessarily all above or below the user cuts, etc.  There are
even programs for micros out now to help locksmiths plan mastered systems
that know these rules and the maximum cut heights of different brands of
locks.  They also aid the locksmith in keeping track of what key opens whose door
when repairs are needed, and print out the final chart of the whole thing.

Similarly, if you're going to try and determine the master combo for a given
system, you do need to take at least one example apart.  A pair of .001 inch
calipers is very helpful, because then one doesn't need the lock itself to
cut the key.  All you need is pin heights, spacing, and the outer diameter
of the plug minus a small slop factor.  [The MIT students someone mentioned
apparently didn't think of this.]

It gets even hairier when you have control keys for Best and friends.
Sometimes even *those* are mastered.

_H*
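
[Added example, not part of the original thread and not any real keying program: a small chart checker of the kind the post above describes, applying the rules stated in this thread to a one-level mastered system (master not reachable by filing a user key, no overly thin splits, no steep jump between adjacent cuts) and counting the bittings that operate each lock as in Dave Platt's estimate.  The depth convention (0 = highest cut), the LockSpec limits and the sample chart are assumptions constructed for illustration.]

```python
from dataclasses import dataclass

# Depth convention follows the thread: 0 is the highest cut (most metal left on
# the blade); larger numbers are deeper cuts. Filing can only increase a depth.


@dataclass(frozen=True)
class LockSpec:
    # All three values are assumptions for illustration, not a real maker's spec.
    depths: int = 10     # M, the number of distinct cut depths (0..9)
    min_split: int = 2   # thinnest master wafer allowed, in depth steps
    max_jump: int = 7    # largest allowed difference between adjacent cuts


def fileable_to_master(change, master):
    """True if the master has no more metal than the change key in any column,
    so the change key could be cut down to the master bitting."""
    return all(m >= c for c, m in zip(change, master))


def thin_splits(change, master, spec):
    """Columns whose master wafer would be thinner than spec.min_split."""
    return [i for i, (c, m) in enumerate(zip(change, master))
            if 0 < abs(c - m) < spec.min_split]


def steep_jumps(key, spec):
    """Positions i where the step from cut i to cut i+1 exceeds spec.max_jump."""
    return [i for i in range(len(key) - 1)
            if abs(key[i] - key[i + 1]) > spec.max_jump]


def operating_bittings(change, master):
    """Bittings that open a one-level mastered lock: a column with a split has
    two shear positions, a column where both keys agree has one."""
    return 2 ** sum(1 for c, m in zip(change, master) if c != m)


def audit(master, change_keys, spec=LockSpec()):
    """Return {key name: [findings]} for a planned one-level keying chart."""
    report = {}
    for name, key in change_keys.items():
        if len(key) != len(master):
            raise ValueError(f"{name}: wrong number of columns")
        if any(not 0 <= d < spec.depths for d in key):
            raise ValueError(f"{name}: depth out of range")
        findings = []
        if fileable_to_master(key, master):
            findings.append("can be filed down to the master")
        thin = thin_splits(key, master, spec)
        if thin:
            findings.append(f"thin split in column(s) {thin}")
        steep = steep_jumps(key, spec)
        if steep:
            findings.append(f"steep jump after cut(s) {steep}")
        report[name] = findings
    return report


# Constructed sample chart: one master and four user (change) keys, 5 columns.
MASTER = (3, 5, 2, 6, 4)
CHART = {
    "101": (1, 3, 0, 4, 2),   # higher than the master everywhere
    "102": (5, 3, 4, 6, 1),   # mixed above/below, shares column 3 with master
    "103": (4, 5, 2, 6, 4),   # differs from the master by one step in column 0
    "104": (0, 9, 2, 8, 4),   # 0 -> 9 between the first two cuts
}

if __name__ == "__main__":
    keyspace = LockSpec().depths ** len(MASTER)
    for name, findings in audit(MASTER, CHART).items():
        n = operating_bittings(CHART[name], MASTER)
        print(f"{name}: {n} of {keyspace} bittings operate; "
              f"{'; '.join(findings) or 'no findings'}")
```
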

From gwyn@brl-smoke.arpa (Doug Gwyn )  30-Oct-1987 12:56:10
Subj:	[2424]  Re: master keys

jcmorris@MITRE-BEDFORD.ARPA (Joseph C. Morris) writes:
>the keys were manufactured by students who had removed the door locks from
>the bathrooms in the main MIT building

I don't know of any techie university where this doesn't occur.
When I was at Rice, it was usually stairwell doors.  To make
matters worse, there was a "GreatGrandMaster" key that would
open most doors on the whole campus.

With Best locks (or ones of the same general style), disassembly
of a single cylinder (usually involving milling off the top) is
tantamount to obtaining the master key.  This is due to the fact
that generally a single "control key" is used to remove all
cylinder cores.  Having removed the core, a simple tool (or even
a large screwdriver) can be inserted to operate the cylinder.
Alternatively, the lock breaker could surreptitiously remove one
core at a time (presumably leaving in its place a core of his own,
possibly keyed to open on all alternate-numbered splits in each
column in case someone tries to enter while the substitute is in
place); removed cores can be taken home and disassembled at leisure.
Of course, the true master key bitting eventually emerges as the
common bitting that would open all examined locks.

There are several steps that institutions can take to minimize
the risk from such activity.  An obvious one is to avoid
excessive master-keying, especially the use of a single GGM.
Another is to not master-key doors that are usually left unlocked.
Periodic rekeying (including control keys) is also advisable.

The other big techie pastime at Rice was exploring the "steam
tunnel" system; these tunnels connected the major buildings to
carry water pipes, conduits, etc.  Generally once a single
entry was found, one could wander anywhere.

University administrations should consider why smart students
have to resort to such misdemeanors for intellectual stimulation.
One would think that the normal activities should provide that.

P.S.  I don't recommend this kind of activity, even if you feel
the need for some excitement.  If you get caught, you'll get
more excitement than you bargained for.  Try making nitrogen
triiodide, or trinitrotoilet tissue, or something else like that
for excitement.  Too bad you won't get any official credits for
it either.  Be careful!

From yetti!utzoo!henry@uunet.uu.net (Henry Spencer)   3-Nov-1987 19:39:58
Subj:	[857]  re: Master keys

> There is a very simple reason why master keys tend to have less metal on
> them than the non-master keys.  It's easier to make them that way.

Well, there is also a reason to do things the other way:  if the master has
less metal on it everywhere than a non-master, then one can file a non-master
down to make a master.  The only time I ever took a close look at the shapes
of keys (in a scheme that used multiple levels rather than distinct keys
plus a master), the less powerful keys had less metal on them, so the file
trick wouldn't work.  (Rats! :-))
-- 
PS/2: Yesterday's hardware today.    |  Henry Spencer @ U of Toronto Zoology
OS/2: Yesterday's software tomorrow. | {allegra,ihnp4,decvax,utai}!utzoo!henry

From gwyn@brl-smoke.arpa (Doug Gwyn )   1-Nov-1987 19:48:37
Subj:	[2240]  more about master key security

In my previous message about techie school lock cracking,
I forgot to mention a couple of other important issues.

If one has an ordinary unprivileged operating key for a
lock, and if the lock is master-keyed, then by disassembling
the lock one can quickly determine possible master-key bittings.
In particular, in a one-level mastering system, any split in
a pin column that does not match the operating key bitting is
almost certain to match the master key; if there is only one split
in a column, then the master key must have the same bitting as
the operating key in that column.

This and the previous information I posted makes it clear that
in order to gain reasonable security in a master-keyed system
in an environment such as a college campus, the lock cylinders
must be protected from removal for disassembly and inspection.
Properly-installed Best mortise lock cylinders have this property,
because they are fastened not only with the typical long screw
against a notch in the side of the cylinder that can be loosened
after removal of the plate on the side of the door, but they also
have an internal diagonal set-screw that prevents simple removal
of the cylinder unless the core is first removed with the control
key.  If the whole system is properly installed, there is no first
loose cylinder to be removed to figure out the control key.

Use of restricted key sections can help, too, since one cannot
simply buy such a blank at the local 7-11.  However, a diligent
lock cracker can make his own blanks.  I knew a fellow who filed
one out of a piece of stainless steel; if you have access to a
milling machine, it is not hard to make a suitable key blank.

I again remind you that I'm not recommending this activity,
which involves more risks than anyone in his right mind should
decide to take!  It also usually involves property damage,
which is unethical.  I hope this information will help campus
locksmiths improve the security of their lock systems to the
point that few students will find this activity sufficiently
rewarding to bother with, compared to the effort required.

From *Hobbit* <AWalker@RED.RUTGERS.EDU>   9-Nov-1987 05:57:30
Subj:	[581]  Internal setscrews

The from-the-inside setscrews that Best is infamous for aren't a
guarantee against tampering.  A certain proportion of the locks in a
large campus system will "default" to the control shear line during picking.
A determined individual *will* eventually manage to obtain one; there's
not a lot you can do about it short of posting guards at all the doors.

Does Medeco or Abloy have any such mechanism?  *That* would make things
pretty difficult...

_H*

From gwyn@brl-smoke.arpa (Doug Gwyn )   9-Nov-1987 15:12:38
Subj:	[696]  Re: untoothed keys

Jose Rodriguez writes:
>Talking about master keys and such, has anyone seen a type of
>key that has no teeth and it is just a straight piece of metal?

There are several keys that could fit such a description.
Were there ANY external encodings at all, such as wiggly grooves
(Bell lock) or dimples (Sargent KESO)?  If not, this may have
been a magnetic key.  There were some cheap padlocks that one
opened by placing a flat key against the side; embedded magnets
reacted on magnets inside the lock to align gates.  That lock
yielded easily to physical force, however.

From Mike Linnig <LINNIG%eg.ti.com@relay.cs.net>   9-Nov-1987 23:44:02
Subj:	[819]  master key security

Doug Gwyn's comments about some locks being somewhat difficult
to remove unless you have the control key brings the following to
mind...

What will the administration do if they find such a lock has
been removed by brute force (ie.  saber sawing it out of the door)?

Surely this implies that the whole master keying system is
compromised.  Ideally, they would rekey all the locks.  In
practice I assume that they would shrug their shoulders and
hope no one starts using master keys.  It must be
very expensive to rekey all the locks on a campus.

	Mike Linnig

ps.  I too do not advocate property damage, but it is amazing how
     vulnerable these systems are to thoughtful attack.

From *Hobbit* <AWalker@RED.RUTGERS.EDU>  11-Nov-1987 06:28:48
Subj:	[3461]  Iwamoto's lock questions

Well, the first one with the dimples [I forget the name -- K-something]
is relatively straightforward; the dimples simply push pins outward from
the keyway certain distances like a regular pin lock.  The pins protrude
into the keyway from a couple of different directions; the theory being
that such a configuration is harder to pick.  Well, they tried.  The
severe limitation here is the number of cuts per pin -- the total travel
isn't that far, so you can only have three or four distinct cuts [i.e.
dimple depths] per pin.  They compensate by using more pins.  A similar
method is found in Fichet cylinders, which use a key with an H-shaped
cross section to address four rows of pins.

The other kind, with the slanted cuts, are Medeco or Emhart.  Ahh, Medeco.
I've recently had an in-depth go-round with a few of these myself after they
installed them on my office area.  These are in theory "unpickable", because
of a rather complex sidebar system and lots of "false" positions that the
parts can get into but still not open the lock.  The configuration is
similar to a standard pin-tumbler lock in that you have pins and drivers as
usual.  The difference is that the pins are chisel-cut, so that when they
drop into the V-shaped key cuts they are forced to rotate to conform to the
cut orientation.  Into the right side of each pin are milled one or more
vertical slots, about .025 inch deep for the "real" slots and less for the
false ones.  Located just to the right of the pins is a sidebar which
normally protrudes into a slot in the shell.  The sidebar has six little
flat teeth, each of which sticks through a small hole directly at the side
of each pin and each of which is slightly narrower than the pin slots.  If
the pins are rotated such that all the deep slots line directly up with the
sidebar teeth, the sidebar can fully retract into the plug, allowing it to
turn.  If any tooth encounters the side of the pin, or even a false shallow
slot, the sidebar blocks rotation.  All this is in *addition* to the regular
pin-driver action, which is further confused by liberal use of mushroom
drivers and funny shapes at the top of the pins.  The pin tops are slightly
beveled so that they bear against the driver with a small contact area.
This allows easier rotation.

However, all this is perhaps not as hairy as it sounds.  The rotations are
limited to zero and plus/minus 30 degrees or so.  I believe there aren't
a lot of different cut heights, either.  While ding near impossible to pick,
it's possible to fool with it until it cocks over into some false positions.
At this point it's possible to get some information about the insides.
Very occasionally someone does get lucky and successfully picks one open,
but not at all repeatably.  The blanks for these are usually restricted, the
cut keys are registered with the company and have "do not duplicate" stamped
all over them, and not every place that does keys has a Medeco machine, which
is apparently expensive.  Creative sheet metal work can get around this, but
the tolerances involved are quite exacting.  One thing Medecos have going for
them is that they are *very* nicely machined; if you removed the sidebar
assembly from one it would still be a pretty decent lock.  [Note that if you
remove the sidebar, pin rotations no longer matter.]

_H*

From gwyn@brl-smoke.arpa (Doug Gwyn)  12-Nov-1987 17:36:05
Subj:	[1137]  Re: mastered systems

>Similarly, if you're going to try and determine the master combo for a given
>system, you do need to take at least one example apart.

Actually, if you have an operating key, you need not remove the lock cylinder
in order to determine all the pin splits in it.  Obtain one extra key blank
per pin column (7 for the typical institutional Best lock); duplicate the
operating key except for one column on the blanks, omitting a different
column on each blank.  Then, for each blank, try it with the omitted column
cut to number 0 (high), then 1, then 2, ... and record which bittings open
the lock.  That tells you what the splits are in that column.  The whole set
of trials tells you what all the splits are in all columns.

The best way to cut the keys is with a code machine; next best is to duplicate
from a depth key set; third best is to set up an extra cylinder plug with just
one pin of the desired length in the appropriate column, and file down the key
until it brings the pin flush with the plug.

From quintus!gregg@Sun.COM (W. Gregg Stefancik)  12-Nov-1987 18:03:09
Subj:	[945]  Picking the Best control shear

According to some books on the subject of interchangeable cores it is
possible to pick the control shear only by applying tension to the
control sleeve only.  By applying tension to the control sleeve only, the
pins will only bind at the control shear.  You may ask, how does one
apply tension to the control shear?  Best cores have holes
in the core sleeve for ejecting pins, one merely modifies a tension 
wrench to fit into one of these holes such that it only contacts the
control sleeve (the upper most sleeve layer).  If your wrench goes into
the hole too far you will be applying tension to the entire core assembly
which will get you nowhere fast.

I have yet to try the above technique, but logic seems to say that it
should work.

Gregg Stefancik
Professional Security Consultant

From gwyn@brl-smoke.arpa (Doug Gwyn )  17-Nov-1987 02:14:53
Subj:	[572]  Re: Internal setscrews

>A certain proportion of the locks in a
>large campus system will "default" to the control shear line during picking.

Actually, if you're really into Best locks, you should make a special
tension wrench that grabs onto the holes in the bottom of the plug sleeve
corresponding to the control plug.  This makes picking the control
shear line fairly easy.  Some Best locks use spool pins, but a competent
lock picker can cope with that too.

From gwyn@brl-smoke.arpa (Doug Gwyn )  17-Nov-1987 02:19:44
Subj:	[2306]  Re: the KEY Discussions

>One had no slots, per se. Instead, it essentially looked like a blank with a
>number of dimples of differing sizes drilled on both sides of the blank.

Sounds like the Sargent KESO system, which soon had some imitators.
The blank cross-section is a squashed hexagon, with dimples milled
into the flats at positions matching pins in the plug.  There were
three sets of pins (the key was reversible).  All three had to line
up their splits along the plug shear line before the plug would turn;
otherwise it is just the ordinary Yale tumbler lock principle.  The
improved security was due to the restricted blank, the difficulty of
duplicating or even producing a cut key, and the difficulty of picking
three simultaneous shear lines.

>In other words, instead of just making the cuts at an angle perpendicular
>to the key, the cuts were offset at angles of 0, +5 and -5 from the 
>perpendicular.

Sounds like the Medeco lock.  Its pins have wedge bottoms instead of
the usual cones; the wedges cause the pins to twist, and since the
pins are offset from the center of the plug (if I recall correctly),
they have to be properly twisted to align smoothly with the shear line.
There are also some systems like this with grooved pins and even more
elaborate mechanisms.

Don't forget the "sidebar" locks used on current GM automobiles.

There is also the Chicago "Ace" lock (with tubular key) often found
on vending machines, and variations on that theme, including one
with concentric nested pins.

All these locks can be picked, with varying degrees of difficulty,
by someone who understands their construction and general locksmithing
principles, who has or can make the necessary tools, and who is willing
to spend the practice time required.  There is a common opinion that
any lock involving mechanical principles activated by inserting some
sort of key into a hole is in theory pickable.  The most secure lock
systems I know of that are in general use involve "card keys" and have
computers that log lock activity.  If you couple one of these with some
form of personal validation (hand geometry or retinal scan), that's
probably the best you're going to be able to do.

From ron@topaz.rutgers.edu (Ron Natalie)  17-Nov-1987 16:01:26
Subj:	[829]  Re: master key security

You wouldn't need to do anything as drastic as saber sawing to
steal the lock.  While you need a change key to remove the core,
you can pull the whole cylinder if you have the door open without
damaging anything.  You then take it home and crack it open.  If
you don't have a key, you can open the door by some forcible means
or you can just rip out the cylinder.  There is a device called
a K-tool that I have used exactly once.  It is a piece of metal
that slides over the cylinder.  You place the end of a halligan
bar into the slot on the K-tool and then hit the whole thing with
a heavy object (the flat end of an ax works well).  The lock comes
out of the door in one easy motion.

-Ron

From puff!kailhofe@RUTGERS.EDU (Andrew D. Kailhofer)  23-Nov-1987 22:54:00
Subj:	[1957]  Re: master key security

>What will the administration do if they find such a lock has
>been removed by brute force (ie.  saber sawing it out of the door)?
>Surely this implies that the whole master keying system is
>compromised.  Ideally, they would rekey all the locks.

Oh, how I know this problem.  Within the last few weeks we've had three
locks stolen from doors in our building, one with computers all over the
place.  A building that is also on a campus that has a pretty smart gang
of computer thieves on it.  The locks were simply torn out (Sargent locks).
I spent days hiding equipment while we wait for a locksmith to install
a few new (good) locks in a few rooms.  If they don't get it done by the
upcoming holiday, we're doomed.
We know they are after a master, the locksmiths know they are after a
master, and it makes me soooo mad!  The security of my building is
compromised, and my babies stand the risk of being gutted, from model A PC's
right on up to a 3B15.
I just hope that they leave the lock-down cables that will be chopped
where they chop them so that we are only stuck with a $250 deductible
forced entry replacement instead of a $1K deductible for non-forced entry
theft (per item).

Has anyone else out there had this problem?  Can anyone else offer any
suggestions?  We already re-keyed once this decade, so the UW administration
isn't likely to consider that as a viable option.

Please, Boys!  Help me save my wee bairns.

Andrew D. Kailhofer           |507 VanVleck Hall       |  This third left
Systems Consultant            |Madison, WI 53706       |  blank for reasons
UW-Madison Math Department    |(608) 263-4189          |  of national
kailhofe@weaver.math.wisc.edu |I wrote it, it's _mine_!|  security (spooks and
...!uwvax!vanvleck!kailhofe   |Bansplaft!              |  all that stuff).

From jslove%starch.DEC@decwrl.dec.com (J. Spencer Love)  25-Nov-1987 02:29:42
Subj:	[3417]  Re: Internal setscrews

The "from the inside" setscrews don't protect padlocks, which are by far the
most vulnerable locks in most Best and Falcon systems.  As many bicycle owners
know, cutters which can remove a padlock from a hasp are too easy to come by,
and the words "hardened steel" are essentially irrelevant. One way to deal with
this problem is to use a separate control key and mastering system for padlocks
and other unsupervised areas. 

The control key is implemented as a sleeve around the plug, where the plug is
the part of the lock which rotates when the lock is normally operated.  This
sleeve is about 1/8" thick for the part which faces the opposing circle of the
figure 8 profile of a Best lock, and includes the tooth which holds the core
into the lock.  This describes a bit more than 60 degrees of the sleeve, the
other 300 degrees are also present, but the metal is much thinner, and thus
less noticeable. 

The sleeve along the bottom of the keyway typically has five or six small holes
(one under each pin), which may be intended for use by the locksmith when
assembling or rekeying a core.  These small holes permit making a specialized
wrench to apply torque to the sleeve without applying torque to the plug.  Such
a tool makes it relatively easy to pick the sleeve, thus removing the core. 
The core operates in only one direction, turning about 20 degrees, since the
tooth must withdraw into empty space within the core. 

The Best locks are well made, so it is easy to disassemble and reassemble them.
Penetrating such a system can be done without property damage.  If the system
stamps a code on each lock and key, it is often possible to derive the whole
system by examining two or three keys and a single lock.  This could be made
more difficult by assigning the codes non-sequentially, but the systems which I
have seen didn't do this.  The Best locks that I have seen have 5, 6 or 7 pins,
each of which has 10 possible stopping points 1/80" apart. Because the thinnest
master pin is 1/40" thick (to keep from turning sideways), only the even or odd
numbered stops are used by any given pin (but the control key can violate
this).  With one stop reserved for the grand master, 4 stops per pin are
available for pass keys.

The master key has at least one cut which has more metal than any pass key, so
that grinding the keys down never can produce a master key.  When submasters are
provided, the grand master can't be made from any submaster, and so on. 
However, metal can be added to a key using silver solder, which can easily be
filed down and has a reasonable lifetime (regular solder is too soft, so the
lifetime would be only a few uses).  The solder makes the key rather
conspicuous when the campus cop asks to see your key ring, though.  I think you
would need acid-core solder; it's been a while. 

The usual disclaimer applies: don't try this at home, it's illegal.  Knowing
how to pick locks is only illegal if you exercise the skill on someone else's
lock, but there are places where possession of the tools without a license (a
locksmith's bond, or some such) is a felony.  It can be a very useful skill
in emergencies where forgiveness is easier to obtain than permission; every
boy scout should have a locksmithing merit badge.

From *Hobbit* <AWalker@RED.RUTGERS.EDU>   4-Dec-1987 05:35:47
Subj:	[742]  Best control wrench

Note that since the control shell is only .0125 inch thick at the bottom of
the keyway where the holes are, and the proposed tool must exert *no* tension
between the plug and the control shell, you have a difficult machining
problem here.  Do such tools actually exist, and do they work at all well
given the relatively tight tolerances involved [which can probably vary from
lock to lock within a certain amount]??  Obviously there will be one tool per
keyway, but even something with an exact keyway fit and a short little pin
on the bottom may still torque the normal shear line enough to confuse matters.

_H*

From bzs@bu-cs.bu.edu (Barry Shein)   4-Dec-1987 14:52:25
Subj:	[569]  master key security

One would think the decision to re-key or not would be settled by a
conversation between the University's and their Insurance company's
lawyers. Unless they don't mind leaving the campus in a situation
where claims might be disallowed based on a lack of minimally
acceptable security practices. Most Universities self-insure up to a
high deductible ($100K is not unusual) but something as global as this
can easily threaten that deductible.

	-B

From decvax!felix!chuck@ucbvax.berkeley.edu (Chuck Vertrees)   4-Dec-1987 20:42:41
Subj:	[862]  Re: master key security

>What will the administration do if they find such a lock has
>been removed by brute force?

I once worked at a high school and they had just this problem.  Someone had
compromised the master and they were faced with finding a solution.  This
particular school was constructed in a campus type arrangement with ten
buildings, each with eight exterior doors.  Keying was in a master/submaster/
individual scheme, layered as appropriate.

The school system had their own internal locksmith department, doing all the
keying themselves.  Budgets being what they are, they took the cheap way out.
They designated two exterior doors in each building to be re-keyed and plugged
all the others with epoxy.

Chuck V.

From gwyn@brl-smoke.arpa (Doug Gwyn )
Subject: Re:  master key security
Date: 4 Dec 87 18:14:28 GMT

>am I correct
>in thinking that it would be within the realm of possibility for our
>locksmiths to re-do the master keying in such a way as to avoid the need
>to cut and issue new keys to residents (i.e. change ONLY the master keying)?

It depends to some degree on how the masterkeying scheme is set up,
but in general it would indeed be possible to switch to a different
master (at the level of the stolen one) while invalidating few or
none of the other keys in the system.  During the transition,
presumably legitimate possessors of the master would also have the
new one, so that the locks could be gradually changed over.

From quintus!gregg@Sun.COM (W. Gregg Stefancik)
Date: Thu, 10 Dec 87 12:56:06 pst
Subject: RE: Best control wrench

I suggest a test to determine the actual effectiveness of such a tool.
According to my source (a book published by the National Locksmith devoted
to the subject of interchangeable cores, the name of which currently escapes
me), designing this type of tension wrench made it much easier for him
to pick the control shear.  Someone out there must have a Best core and the
proper tools to design and use the tension wrench.  If I had a Best core or
access to one I would be more than happy to test this technique out, but
unfortunately I don't currently own any Best cores.

The tension tool I saw pictured in the book looked like the average tension
wrench (of the HPC variety) with a groove filed such that the wrench would
contact the control shell only.

Gregg

From ncoast!mikes@RUTGERS.EDU (Mike Squires)
Subject: Re: master key security
Date: 20 Dec 87 08:48:55 GMT

As a freshman at Caltech in 1963 I took an unofficial course in locks
from a club dedicated to the opening of locked doors called the "Mickey
Mouse Club".  I suspect that a few years later the members were hacking
computer systems rather than mechanical locks.  The members were only
interested in the locks, rather than the contents; one of the leaders took
a job at an office in a former bank so that he could work on the old vault
lock (unfortunately he opened it in 1/2 hour but had to stay at that job for
the rest of the summer).  To make a long story short, one of the pieces of
information one learned was the combination for the north and south campus
grand masters.  It is my understanding that this situation was well known
to the administration, but that they were unwilling to spend the money to
rekey the campus (was it ever done?) and realized that the new combination
could be discovered in minutes anyway, with some luck.  In any case, all of
the students learned to pick pin tumbler locks in seconds so that possession
of the master key was not very important.

From meow!kyle@uunet.uu.net (kyle)
Subject: Re: master key security
Date: 23 Dec 87 04:13:31 GMT

Sure, but a K-tool only works on deadbolts.  If you want to remove the core
from a doorknob you will have to resort to other means.  (maybe use the flat
end of an ax? :-) )
-- 
		Kyle Rhorer
		meow!kyle@nuchat.UUCP

Date: 29 Jan 88 20:55 -0800
From: gwyn@brl-smoke.arpa
Subject: re: master keys

Dennis Mumaugh stated that the government-style S&G padlock is hard to
"pick".  That's misleading.  I manipulated one open in less than ten
minutes when I was in the ASA.  (We were locked out of a laboratory/
classroom.  The instructor had already called someone to come open the
lock so I had to lock it back up.)

Date:	Thu, 12 Apr 90 07:26:00 EDT
From:	Doug Gwyn <gwyn@smoke.brl.mil>
Subject: Re: Locks/Security in large institutions (e.g. Universities)

>1) In institutions which have frequent room rotations, as in the
>   dormitories of a University, what kinds of policies have been
>   implemented to keep the rooms secure from year to year at your
>   institution?

Removable-core systems make this relatively easy and inexpensive.
In fact you can just permute the cores, no need to re-pin them.
Best of all (no pun intended) is if the cores are not stamped on
the outside with a keying code but only on the inside.  That way
the only way someone could use an old copy of a key is to try it
in about half the locks until he found the matching core!

Date:	Thu, 3 May 1990 01:23:00 -0400
From:	"Jonathan Clemens" <FSJPC@alaska.bitnet>
Subject: Re: Locks/Security in large institutions (e.g. Universities)

Removable cores? After my high-school exploits, I would hesitate to
use any such system... An associate and myself, using just calipers,
hacksaw, file, and key blanks, totally destroyed the security in our
entire school district. The high school was cored with BEST locks,
including locks on the electrical panels and padlocks.

We stole six identical cores off of three electrical panels that had
been locked open. My associate, given only the two books on locksmithing
that we'd checked out from the local library, took apart the cores,
measured the pin heights, and, given 10 BEST blanks that I'd bought
(no questions asked) from Fred Meyer's, managed to manufacture a change
key, and a key to unlock that core. He never managed to make a master
key, but we didn't need that one to move about. We'd just remove the
original door core, insert one of the electrical panel cores (we had
four left), unlock it, open the door, re-lock it, and insert the original
core. I eventually developed a pseudo-core (a dowel with properly
drilled holes) that could hold the fork to "lock" and "unlock" the
doors.

My associate and I parted ways after a difference of opinion regarding
what we would do with the keys (oh, yes, they duplicated nicely at Fred
Meyer's). There were eventually a series of thefts, and I implicated him,
but nothing could ever be proven.

A task I'd embarked upon as an enthusiastic young hacker (following the
'hacker ethic', although I didn't know it as such at the time) opened
my eyes to just how vulnerable these systems are.

> Best of all (no pun intended) is if the cores are not stamped on
> the outside with a keying code but only on the inside.  That way
> the only way someone could use an old copy of a key is to try it
> in about half the locks until he found the matching core!

PLUS, without the numbers on the outside, people (like my associate and I)
can't just casually browse the building, gathering the sub-mastering and
mastering zones and conventions. All we needed was time, and the whole thing
became plain. You could hand either of us a key, and we could tell you which
department it went to, and occasionally the teacher to whom it belonged.

                                        Jonathan Clemens

Date:	Tue, 19 Jun 1990 22:33:00 -0400
From:	shz@packard.att.com
Subject: Re: Security and Masterkeys

>In every
>case I am aware of the master key is the lowest key of all.

Sorry Leonard.  You must not be aware of any professionally designed
master keying systems that were set up according to common locksmithing
industry standards.

A properly selected master key must be impossible to create by filing
a change key.  That means it must contain at least one cut that is
taller than the corresponding cut in every change key.  The master
key should also have a wide assortment of cuts so that the master key
shear line in the lock (every lock) is difficult to pick.

If the master key was always the "lowest key of all", whatever that means,
it would be a very flat key or provide very few cut depths (and thus
key combinations) for the change keys.

Calculating the top level master key by measuring pins becomes increasingly
difficult as the number of levels (i.e., MK, GMK, GGMK, GGGMK, etc)
increases.  It is possible for a lock in a single level master-keying
system to have more pins than an identical lock in a four level system.

Seth Zirin, CPL

Date:	Thu, 21 Jun 1990 01:41:00 -0400
From:	nugent@gargoyle.uchicago.edu
Subject: Re: Best Locks 

One University I attended had the policy that the master key was
always the deepest key cut.  If you took apart a multi-keyed cylinder
and made a key with the deepest of all the possible cuts, you reliably
ended up with a grand-master key for the building or even group of
buildings!  It made collecting the "complete master key collection"
rather easy--just one cylinder to take apart  per building.

On a recent visit I noticed they had rekeyed with Medeco Bi-axial locks, but
I'm afraid I didn't have the time to see if they had learned any lessons 
about keying plans. 

Todd

Date:	Thu, 21 Jun 1990 02:15:00 -0400
From:	Doug Gwyn <gwyn@smoke.brl.mil>
Subject: Re: Security and Masterkeys

>In every
>case I am aware of the master key is the lowest key of all.

In a properly designed system, it shouldn't be.  Otherwise, any "day key"
(ordinary operating key) could be filed down to produce a master key.
This would especially compromise security when restricted blanks are used.

However, the procedure you suggest can often be used in modified form
to determine the highest-level masterkey, because if there are multiple
splits in a pin column you can be fairly sure that the one that matches
your day key is NOT the master split, and if there is only one split
then your day key and all levels of master key must share that depth in
that column.  Thus, if there are no more than two splits in each column,
using the ones that differ from your day key (when there is a choice)
will very likely produce the highest level master key.  (Lower-level
mastering is often done by sharing splits in a column or two with the
day keys in that submaster group.)

Date:	Thu, 21 Jun 1990 03:15:00 -0400
From:	Doug Gwyn <gwyn@smoke.brl.mil>
Subject: Re: Best Locks

It's pretty easy to figure.  There are two pinning schemes for Best
locks:  10 depths at 12.5 mil increments and 7 depths at something
like 18 mil increments.  The former is the most common; however, to
avoid using 12.5 mil pin sections, which tend to jam, the convention
is to use only every second depth for each pin in the 10-depth scheme.
Thus, pin columns can be labelled "even" or "odd", depending on which
of the two alternate sets of depths they use.  If you were to pin a
core with splits every 25 mils, with the bottom pin segment chosen as
a #0 or #1 length depending on whether the column is even or odd, the
core would open on any key in the system.  (This would make a good
universal substitute for replacing a core removed for study, since it
would open the lock for its intended keyholder -- as well as others
in the unlikely event that they were to try while the substitute is
in place.)  Anyway, the number of possible day key changes for the
10-depth scheme can therefore be no more than 5^7 = 78125, while for
the 7-depth scheme it is no more than 7^7 = 823543.  The actual
number is reduced by three considerations:  Some key bittings are too
insecure, for example all depths the same can be unlocked by a stiff
straight wire.  Some key bittings are infeasible (at least for some
lock brands, possibly not Best), for example the deepest depth adjacent
to the most shallow depth (the deep cut's slope overlaps the base of
the shallow one's).  And finally, to avoid accidental cross-keying,
the day keys cannot use the master-key depths.  This latter
consideration lowers the upper limit to 4^7 = 16384 and 6^7 = 279936,
respectively, for one level of masterkeying.  Since most campuses
use multiple levels of masterkeying (3 or 4 is typical), cross-keying
avoidance reduces the number of day key changes still further.  There
are probably no more than 2000 available; to go beyond that multiple
keyway sections are normally used.  Best offers several, in at least
two distinct families, with special blanks available for the masterkeys
to allow them to pass multiple keyway sections within the family.

>Is it common practice on campi to have two locks the same, assuming
>the residents will never notice?  Occasionally a group of people would
>all go down a hall trying locks, but we never found a double.

I've never encountered a masterkeying setup where duplicate day keys
for different access was considered acceptable practice, so I suspect
they're not using that at your campus either.

>p.s. are there any other HAR56's out there?

The "HAR" codes are specific to your campus.
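
The two constraints argued over in the messages above, Seth Zirin's rule that a master must not be producible by filing a change key and Doug Gwyn's 4^7 = 16384 bound for the 10-depth scheme, written as an audit that the owner of a keying plan could run (an added example, not part of any post in this thread). It assumes depth numbers grow as metal is removed, so filing can only raise a number; the bittings, key names and function names are constructed for illustration, and adjacent-cut limits are ignored.

```python
from itertools import product

DEPTHS = 10  # 10-depth scheme from the thread: depths 0..9 in each column

# Assumption: a larger depth number means more metal removed, so filing a key
# can only raise the number in a column, never lower it.

# Constructed sample data (not taken from any real system).
GOOD_MASTER = (4, 1, 6, 3, 0, 5, 2)     # fifth column is the tallest possible cut
DEEPEST_MASTER = (8, 9, 8, 9, 8, 9, 8)  # the "master is always the deepest cut" policy
CHANGE_KEYS = {
    "K1": (2, 3, 8, 5, 2, 7, 4),
    "K2": (0, 5, 2, 7, 4, 1, 6),
    "K3": (6, 7, 0, 1, 8, 3, 0),
}


def fileable_to(source, target):
    """True if `target` can be produced from `source` by removing metal only."""
    return len(source) == len(target) and all(
        t >= s for s, t in zip(source, target)
    )


def candidate_change_keys(master):
    """All bittings that keep each column's even/odd parity and avoid the
    master depth in every column (the single-level bound from the thread)."""
    columns = [
        [d for d in range(m % 2, DEPTHS, 2) if d != m] for m in master
    ]
    return product(*columns)


def count_fileable(master):
    """How many candidate change keys could be cut down into the master."""
    return sum(1 for key in candidate_change_keys(master)
               if fileable_to(key, master))


def has_protected_column(master, change_keys):
    """Zirin's rule: some column where the master is taller than every
    issued change key, so no amount of filing reaches it."""
    return any(
        all(key[i] > m for key in change_keys.values())
        for i, m in enumerate(master)
    )


def audit_plan(master, change_keys):
    """Return (key name, issue) pairs for every problem found in the plan."""
    findings = []
    for name, key in sorted(change_keys.items()):
        if len(key) != len(master):
            findings.append((name, "wrong-length"))
            continue
        if any(not 0 <= k < DEPTHS for k in key):
            findings.append((name, "depth-out-of-range"))
        if any((k - m) % 2 for k, m in zip(key, master)):
            findings.append((name, "parity-mismatch"))
        if any(k == m for k, m in zip(key, master)):
            findings.append((name, "uses-master-depth"))
        if fileable_to(key, master):
            findings.append((name, "fileable-to-master"))
    return findings


if __name__ == "__main__":
    for label, master in (("good", GOOD_MASTER), ("deepest", DEEPEST_MASTER)):
        print(label, "master")
        print("  protected column:", has_protected_column(master, CHANGE_KEYS))
        print("  candidates fileable to master:", count_fileable(master))
        for finding in audit_plan(master, CHANGE_KEYS):
            print("  finding:", finding)
```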

Date:	Thu, 21 Jun 1990 03:37:00 -0400
From:	"J. Spencer Love; 508-841-2751; SHR1-3/E29  07-Jun-1990 1229" <jslove@starch.enet.dec.com>
Subject: Re: Best Locks

I remember hacking Best locks in high school, say about 17 years ago (now it 
can be told).  There are a lot more than 250 possible combinations.

We had "A" blanks, 6-pin tumblers, and a keying system called "X".  Each pin 
could be cut at either the odd or even 5 of 10 possible levels.  With one
level reserved for the master cut, that left 4 cuts/pin for pass keys.  That 
means there were 4,096 possible pass keys.

The locks were zoned into 64 groups of 64, with the school apparently having 
only licensed the first 8 zones.  The 3 shallowest cuts (near the handle end
of the key) varied within a zone.  Different zones were lettered A-H, and
assigned to different departments within the school -- something like A for
upper school, B for offices, C for the kitchen, D for boarding students'
rooms, E for maintenance and grounds, F for the middle school, G for the gym, 
and H for the lower school.  (These are probably scrambled -- it's been a long 
time.)

The keys were stamped with codes ranging from XA1 to XH64.  The codes were in 
simple base-4 correspondence to the cuts, starting from the first cut 
modularly above the master cut as zero.  It was only necessary to measure 3 
keys with a microcaliper to solve the whole system except for the control key.
We made a pretty good guess at the control key (one of 2 patterns).

They stamped these numbers on the locks, too.  Since they really wanted to 
label everything, it's really too bad they didn't use a random codebook.  (We 
made friends with the locksmith later and he used a codebook, not the math.)

The "X" corresponded to the pattern of evens and odds of the individual pins.  
I suppose in theory that 64 different patterns could have been given out, but 
any pattern that had only one (or even two) differences of even/oddness had 
better be on a different blank (or 1000+ miles away) or there would be too 
much chance of interchangeability of keys.

The other basis I have for thinking that they only licensed part of "X" is 
that their grand master key had a passkey cut for the deepest pin.  This would 
only open 1/4 of the possible X locks (twice as many as they actually used).

We got quite a rise out of the administration by showing them just how easy it 
had been to solve their key system, and describing the real grand master (not 
the one they had) without ever having seen it.  The two of us who confronted 
them were threatened with instant expulsion if we were ever caught USING such 
knowledge; we didn't tell them about the others...

I think they had the cheapest available system, or maybe it was just bought 
early in Best's career.  The cores had those convenient holes for picking the 
core sleeve.  The pins had little (removable!) press in caps over the springs, 
so we could pick and remove a core, disassemble it and measure the pins, and 
reassemble and replace it, unharmed.  Took about an hour, but we were 
amateurs.  There were mushroom pins in some of the cores.  The locks, by the 
way, had a master key cut for the deepest pin, even though the school didn't 
use it.  (Maybe the police or Best co?)

There were competing groups of students who stole padlocks and disassembled 
them to figure out the system.  There must have been 3 separate successful 
masterkey projects in my class alone (I knew of 2, counting my own, and had 
evidence of another.  There might have been more, but with a graduating class 
of 59, I doubt it).  Someone let themselves into the locksmith's shop and 
stole the key machine the next year; very crude, they should have used it on 
the premises so no one would have suspected.

Best locks are convenient, but only elementary schools should dare to use 
them.  RPI used them also; when I went to check the place out senior year, 
practically the first thing I noticed was in the undergraduate handbook where 
it threatened instant expulsion to anyone who was caught with a master key.  
Might as well try to sweep back the tide.  I went to a college with a more 
relaxed attitude.

Speaking of common practice, key combinations are recycled.  Suppose that 
there are 40 doors and 64 possible keys.  If you "lose" your key, you pay a 
fine and get a new lock and key.  24 lost keys later, someone else will get a 
new copy of your "lost" key.  The loss rate is fairly low; the migration of 
students from room to room each year is much more likely to create 
unauthorized access.

						-- Spencer

Date:	Fri, 22 Jun 1990 16:06:00 -0400
From:	"Ned Freed@CDNnet.CA, Postmaster" <NED@hmcvax.claremont.edu>
Subject: Re: Security and Masterkeys

Don't expect the master to always be the lowest cut key. It is not in many
cases, although the pins where it is the "high cut" tend to be ones
reserved for zone master/grand master distinctions. However, I've never
seen a system where the highest cut was used in more than a couple of
pin positions, so the number of keys possible, even when working from a
single lock as an information source, is not very large.

Use of different grooves in the blank is the usual mechanism to
differentiate grand masters from great grand masters. However, adding
additional grooves to a key is pretty easy if you have access to a
mill and a tool of the proper size. Making your own key from brass stock
is also not too hard if you know what you're doing, and it makes complete
hash out of all these foolish "registered blank" schemes.

I mentioned making a key out of sheet metal in a previous posting. I once
made one out of mild steel as a sort of joke for somebody; it wasn't even
a master since that was not part of the joke (his key broke off in his
lock on two different occasions and I thought I'd make one that would not
suffer from this problem).

			Ned Freed

Date:	Tue, 3 Jul 1990 19:30:00 -0400
From:	Doug Gwyn <gwyn@smoke.brl.mil>
Subject: Re: Best Locks

>...  The two of us who confronted them were threatened with instant
>expulsion if we were ever caught USING such knowledge; we didn't tell
>them about the others...

That seems to be fairly typical of administrations.  Lock hackers can
be quite concerned about perceived weaknesses in the institution's
security systems, but the administration often prefers to act on the
principle that knowledge is bliss, rather than tackling the objectively
significant problem.  Anyway, one generally meets with the sort of
response that you reported, when trying to bring the attention of the
authorities to a real problem.  That's one of the reasons that
vigilantes come into existence.  At Rice, I sat in on SDS meetings just
to keep an eye on the radicals, and when they planned to blow up a
building on campus, some of us were ready to foil their plans by
entering through the steam tunnels; we didn't want our school destroyed.
(I heard that later the local SDS leader, Karolyn Kendrick, was wanted
"to help the authorities with their investigations", as the British
would put it, in connection with a similar attempt.)

>The cores had those convenient holes for picking the core sleeve.

Of course that's not what they were intended for; they're for a small
pin punch to push the pins out of the columns in case they're sticky.

(You can also drive out the pins, cap and all, but it spoils the spring.)

If you file the end of a 1/8" (I think it was) pin punch to a 45-degree
angle, it makes removing the caps without damage a breeze.

>The locks, by the way, had a master key cut for the deepest pin, even
>though the school didn't use it.  (Maybe the police or Best co?)

Best locks are pinned either by the factory or by a local Best rep.
It is NOT standard practice to add any levels of masterkeying for use
other than as part of the customer's masterkeying system.  It may be
that your school was indeed required to provide a master key to police
etc.  I don't think Best would dare build in a key for their own use.

>Someone let themselves into the locksmith's shop and stole the key
>machine the next year; very crude, they should have used it on 
>the premises so no one would have suspected.

There's always someone who doesn't have any sense of judgement and
steps beyond the bounds of harmless activity.  Stealing equipment is
certainly beyond the bounds.  At Rice, our lock hacking had to be
toned down because some idiot started stealing stuff through the
steam tunnels, and the administration threatened to expel anyone
found exploring the steam tunnels no matter what their intentions
were.  That pretty much ended a major hobby for several students.

One wonders why the school's official educational practices are so
stifling or boring that students find themselves turning to such
hobbies instead.

I've never heard of a technically-oriented college or university,
Best-using or not, where lock hacking didn't occur.  Too bad some
sort of locksmithing course credit isn't normally offered.

Date:	Thu, 5 Jul 1990 10:27:00 -0400
From:	levine@csd4.csd.uwm.edu
Subject: Re: Security and Masterkeys

> Sorry Leonard.  You must not be aware of any professionally designed
> master keying systems that were set up according to common locksmithing
> industry standards.

Don't I wish.  I spoke at length to our locking staff, as well as the 
building designers.  They did not even believe that this really bad design
was not the norm.  I agree with Seth that this is dangerous, but never
could get lock people to follow the problem.

Seth, are you speaking from theory or do you have a high masterkey in 
your possession?  I really want to know.

len levine

Date:	Thu, 5 Jul 1990 11:46:00 -0400
From:	mark%beowulf@ucsd.edu
Subject: Re: Security and Masterkeys

>A properly selected master key must be impossible to create by filing
>a change key.  That means it must contain at least one cut that is
>taller than the corresponding cut in every change key.

I don't know about "common locksmithing industry standards", but the 
Foley-Belsaw training course doesn't mention any such concern in their
lessons.  Almost everywhere I've ever been you could find a change key 
to convert to a master.  I think you are overestimating the 
training/concerns of most locksmiths.  Or perhaps it is just that
facilities outgrew the original "correct" design.

And who really cares about the master key shear line, any old shear 
line will work, even for keys that don't exist.  I've always had 
the best luck picking locks on a master key system.

And if you are in a position where you can request legitimate keys, 
you can often order masterkeys through the same office just by knowing 
the code (which you get by watching a janitor).

mark