The number of comments in here slandering the developer’s morality for picking locks is actually pretty surprising for a site literally called Hacker News. Every day there’s a story on the front page of some grey/white-hat showing off an exploit they found to infiltrate a site we all use. It’s an odd double standard.
It's a site that was founded and run by venture capitalists. It always had "pro-big corporate" energy. If for nothing else, because that's one of the potential exit strategies.
Picking locks is a tradition in hacking. So morality is already off the table. Except if this is to save a cat - the offical reason for lockpicking in the 90s.
Now, the robot is hardly something you put together between dessert and coffee. Someone building this must have a live for hardware and lockpicking is just a pretext.
Does anyone even know about the classic MIT Guide to Lockpicking? Back in the day, it was so entertaining to come across this while in grad school and enjoying reading it instead of working on actual work.
We are made to be technical tinkerers, playing with tech, seeing if sending that input to that program will crash it. I see it not as a moral issue but as a technical skill, to understand how to work with systems, explore what doesn't work. That way you gain skills in how to make things work better.
Hopefully these people do realize that a lock is a promise saying "you belong to a society, be nice". They do very little beyond that, especially these days with small, powerful powertools.
Maybe when attacking a padlock on a highschool locker, or the door on an amazon-basics "safe", but try attacking something not primarily designed to be cheap/light. Try cracking the door on a money safe at a substantial business, a safe approved by an insurance provider for the storage of large sums, Even an ATM will resist power tools far longer than it will take the cops to show up.
I "belong" to a society? That suggests that a group owns me. Hrm I'm probably nit picking, but the idea of a society owning me isn't something I agree with. Also I'm free to leave.
This is linguistic nonsense on a par with disliking the phrase "my spouse" because it implies ownership. You can easily talk of "my country" or "my university" without claiming ownership, just as one can talk of "a sense of belonging" or of "belonging to a club" without feeling owned. Words have several meanings.
Instead of assuming the person you're chatting with is talking about slavery, and then when they clarify they're not talking about slavery, and you saying that it could be about slavery, you could just as easily say, "oh I misunderstood you". Sometimes humans have misunderstandings. Languages are messy. Just let it go.
They didn't misunderstand, they challenged the phrasing. Some people believe that words have power and language matters(or at least are entertaining the idea).
I haven't made any assumptions at all, reread what I said, then reread the replies. First one is a personal attack about being libertarian (an assumption), second one starts off as an attack too. I expressed a preference, in a light hearted way, hence the "hrm...". I come here for good faith debate and I'm genuinely grateful for it (I've said as much in other comments).
>> the idea of a society owning me isn't something I agree with.
Your agreement is irrelevant. Have you registered for selective service? Paid taxes? Have a drivers license? Check youtube for "sovcit traffic stop" to see what happens when people think they can live independent from the rest of society. The Amish must obey traffic laws just like everyone else.
>> Also I'm free to leave.
Nope. Many an american has fled to canada to avoid taxes/draft/jail. They are caught eventually. Citizenship is not property. You cannot just set it aside when you dont agree with its obligations. There is a process for leaving. It isnt short, easy, cheap or in any way guaranteed.
all rights are provided by a state or hegemon. Some rights are harder to take away than others. Some are easier.
the hegemon does not need to be defined.
Originally the word "hacker" made no distinction between the two meanings. This site is pretty old, so you're right, it was intended in the original "Kevin Mitnik" sense (the original hacker, who ironically would fall outside of the modern definition)
The modern acception focused on online computer security came much later. That meaning is neither the one used in the name of this site nor the one that would be relevant to this conversation.
To summarize: today's hackers are also yesterday's hackers, but yesterday's hackers may or may not be modern hackers.
> In the sense of the word that means people who write code, not people who break into things
It would be like if you were going over a list of pros and cons and when you got to the cons some guy was like "wow, you work with criminals, huh?" Then you tell him not that sort of con and he says "yeah, typical nerd bickering".
This is a class of device usually called an "auto dialer" and have been around for quite some time. This one appears to be fairly low-featured. Newer devices will automatically send a text when a safe has been opened and the better ones are programmed with knowledge of the internal plate schematics so they can shorten the brute force process.
I was surprised that those thin copper wires can actually push the pins up, I thought they would slide off to the side or compress themselves against the more solid/rigid pins.
I'm a strong supporter of the "I did it because I wanted to see if I could do it" ethos. So this isn't a criticism of the project itself, but I'm pretty sure a snap gun will beat this almost every time.
I feel like developing something that could actually pick locks including detecting binding pins, etc. is in the category of "not actually that hard if you devote the resources to it."
On the mechanical side there would certainly be some challenges (having to work within a key that's all the deepest cuts, using something that could push up to "shallowest cut" level without deforming, general structural strength problems) but once you had a viable insertable key portion built you might be able to read a lock based just on the amount of spring resistance at each pin. You could also provide tension while probing for pins under tension. If covert agencies don't already have pretty portable devices like that it's because they don't care enough to create them not because of some true technical problem with doing so.
I think the biggest problem is that the amount of tension you need to apply to hold the binding pins can vary quite a bit, and it's hard to build a mechanical device that can feel with enough fidelity to figure it out.
What a fun project! The use of wires to get around the corner is such a clever idea, although I see that goes back to the 90s. I'm surprised the idea isn't older.
I wonder what makes it take a minimum of 0.7s per combo, it seems like it could be sped up substantially.
Robotic sputnik tool, it is very slick. Something that's not obvious is that these work best on ABUS or other locks that have one solid driver pin and spools in every remaining pin stack. This way, when you locate and lift the solid driver pin, you gain a ton of "back and forth slack" in the plug. As you lift each successive spool driver the slack reduces until the shear line is hit on that pin stack and suddenly full slack again; repeat the process until the lock is open.
The devil is in the details though, there are some subtle features that need to be incorporated into the mechanics for the sputnik to work right. I have built a sputnik from scratch before, only after talking to Oli Diederichsen at a LockCon did I get some additional clues.
Also, I think there are plenty of other interesting things one could do besides brute forcing the lock with a simpler tool. Falle Safe has a single-wire variant on this for decoding locks. Again, the devil is in the details, just ramming wire up a pin stack doesn't get the job done.
I am pretty sure anyone building a lock picking robot is at least aware of some lock picking basics, and that's clearly not the point of a project like this. They could get a Lishi, a rake, a comb, almost anything, and we could also argue that this won't work with pin-in-pin dimple locks, tubular locks, and disc detainers, but again, obviously not the point.
I reread Neuromancer last month and there was a line about how the AI had to recruit a human for its plan b/c the final step had a mechanical lock that needed to be picked by feel. I’m glad to see this is a brute force approach and that us humans still have some use for a while more (not sure if my comment is /s or not).
Almost every digital lock I've seen (I own about 5) have a keyway hidden under a rubber tab or plastic tab. I haven't built an EMP device yet, but supposedly that works on a lot of them too.
It's not picking, it's brute forcing every combination. Lishi and other lockpicks require tension and feedback, often one pin at a time, which is the opposite of what this tool is doing.
Right. The next step up is a robot that uses a Lishi tool and force feedback. Then one that just uses a single pin pick and a tensioning tool. This is a neat machine learning problem.
Are there commercial versions of an automatic lock picker? Cursory googling seems to only have brute force electronic vibrators, nothing specific. Otherwise it seems like relying on force feedback and mechanically replicating lock picking techniques as a first step might be a great project that seems very technically feasible.
Human lockpickers use feedback when picking. I'm wondering if a bot could do the same - e.g. measuring the travel distance to find a binding pin, or the resistance to moving the wire?
Houses have windows, and bricks are widely available, locks don't protect you, they exist as a social contract: "don't go in here," if people want to go in there, they will, but we have a mostly civil society (fair to argue against this), and locksmiths exist, so this is just a tool, and a fun project.
Cool idea but I'm not buying the justification. There are many cases where the correct response to "but law enforcement needs a way in" is "we have a system for that, it's called a warrant."
Further, while standing somewhere for five minutes may be obvious in some situations, there are many cases in which it wouldn't be obvious at all, or the response time would be great enough that this could still be quite useful to bad guys.
Finally, "security through counting on slow hardware" is probably even worse than security through obscurity.
Locks are not security, in the sense that you're using. A sledgehammer goes right through 90% of them, or the hasps or latches secured by them. A competent lockpicking enthusiast will take two or three minutes to go through almost any of them. Someone motivated to get in with foreknowledge of the lock type can simply use a $200 camera and photograph your keyring from a couple blocks away, then 3d print all the keys on the ring and walk right in.
Law enforcement can use pick guns, which will open a large majority of door locks, if they don't want to just use a battering ram for some reason.
There are a ton of legitimate reasons to use lock picks, though - being able to use a pair of paperclips, or office supplies, can get you into network cabinets in a pinch, or if you lock your keys in your house or car and have a pick kit in your wallet. If a friend has an emergency and they know you can do it, it can save locksmith fees. Kids can lose keys in astonishing ways.
And the hobby is fun - it's manual dexterity, skill, obscure technical knowledge, and you gain an appreciation for all the lockpicking content out there, and get to see the brazen plot devices when movies portray lockpicking in ridiculous ways. There are engineering attempts at creating unpickable locks with some awesome youtube videos, with engineering geeks creating elaborate locks and shipping them to the lockpickinglawyer or other content creators.
It's also important from an educational standpoint. Knowing how secure you are is important, because assumptions can lead to tragic results. If you have a glass door, it doesn't matter if you've got a million dollar unpickable lock. If you know how trivial it is to open most padlocks, and what form factors of locks are most susceptible, you can make better decisions about securing storage units, trailers, outdoor gates, bikes, and so forth.
A device like this is a novelty, not a serious security threat, and I'd argue the threshold for building it exceeds the threshold for which there are a thousand other trivially accessible ways of bypassing a given lock. There are tools similar to this device in spirit, in which you set pins for a key type manually with the key inserted, and with a little practice, will get you through a door in under a minute.
> use a $200 camera and photograph your keyring from a couple blocks away
Rayleigh criterion: to resolve an angle of 4E-6 rad (key bitting step is 0.015inch =~0.4mm , two blocks is 2 * 200ft =~100m), you'd need a ~140mm aperture lens. Can you really buy one (with a camera no less) for $200?
Well, TIL I'm shitty at the private eye thing, lol. You'd need to get up close, then, or have really good cameras. You're not going to need .4mm precision so long as you can see the differential pattern, though. Memorizing a 5 digit number, each digit between 1-6, and you can remember any kwikset key at a glance, and so on. At most you'd need to print 10 possible solutions if you can't find an absolute difference between lowest and highest points, but most of the time the pattern will have 4-6 potential keys it could be.
Anyway, locks and keys are inconveniences that keep people from casually abusing civil boundaries, is the point, and not all reasons for overcoming those are nefarious.
Yeah, seeing how better and cheaper cameras are sold every day I thought that it might be plausible.. and then it apparently isn't.. yet. Maybe with a cheap telescope :)
A covert camera placed near the keyhole is probably a better solution anyway, because most people don't flash their keys when just walking on the street (maybe when unlocking a car, but with keyless that's becoming rare).
Used lenses from 30 years ago plus a DSLR from 15 years ago plus a suitable adapter will do the job, and may be in the price range with a bit of bargain hunting.
> use a $200 camera and photograph your keyring from a couple blocks away
I suppose serious defenders will need to get an EVVA MCS, if that's their threat model :-) Just don't let the really serious lockpickers near the lock with a contact microphone.
The thing about a sledgehammer is that if you're asleep in your house, you, your dog, your SO, or your neighbors might be startled awake by the sound of metal splitting and cracking open. Your security system might be designed to alert on something like a window being smashed. The person attempting to enter the house may be trying to enter undetected, because they know that a broken lock and/or a replaced lock will alert the people they're trying to ambush or steal from. Imagine something like industrial espionage, where a person breaks in undetected, steals an item, and then leaves. The occupant only realizes the item is gone a week later, and wonders if they could've misplaced it. In your scenario, they'd see the sledgehammered lock and immediately call the cops.
I see comments like these all the time on Reddit and Hackernews. Hackers are like, "locks aren't security, a sledgehammer breaks them" and it appears to betray a mental threat model of "what if the cops want my thing" and never "what if someone wishes to do me harm while I am in my house" or "what if a criminal wants to not get caught taking my things" or "what if someone wants to lie in wait in my house", which are not risks to these commenters. They are to a lot of people though.
People don't buy locks so that they can lose their keys and require the lock to be picked. They buy locks to secure access to items or places. The parent I was replying to is saying that locks aren't security because a sledgehammer breaks them. I argue that a sledgehammer is only important for certain threat models. I am quite aware that most lock picking is for lost keys. However, I am describing threat models for which locks are important security. Do you understand?
The parent you were replying to mentioned at least three things:
- lock picking hobbist
- snap gun
- sledgehammer
And you simplified their comment to "locks aren't security because a sledgehammer breaks them" then proceeded to describe threat models where a sledgehammer doesn't work in detail. It's not a very constructive discussion.
Even without the sledge hammer your locks probably aren't good enough to stop a thief with a set of picks. A robot that brute forces it is more expensive and slower than any of the existing tools, so it shouldn't change your threat model.
Locks and keys are usually more an inconvenience to prevent casual abuse of your boundaries. People who want access, nefarious or otherwise, will gain access, whether it's cops, ninja assassins, or junkies looking to strip your house of copper.
Ninja assassins are low on the list of possible threats, but never zero.
The biggest risk to me personally is the junkies and porch pirates, so signs and out of reach and very visible cameras have gone up to make them uncomfortable and feel too paranoid to mess with the locks.
They keep honest people honest and give a few moments more work to those that are dishonest. It's a promise to society that you'll act decent. Needless to say they mean nothing to those that break promises.
In almost all cases, with a lock or not, by the time you figure out the lock is broken (10 minutes or 10 days) your shit is long gone and you better have your security onion setup with multiple layers if you want the foggiest idea what happened.
If you have an above average risk of having your shit stole or becoming under attack you better have a whole shit load more layers in your defense or you're screwed.
It's a lot like turn signals - social communication that goes beyond the practical benefit. If you're using your turn signals, you're saying "I'm aware of the environment and a good participant in the game we're playing because I'm following the rules". If you don't use signals, you're telling people that you're not following the rules, and that makes you suspect in all the other social games. Kinda funny to do some people watching with that perspective, and to start to see how many assumptions are based on society being high trust - the exploitable vulnerabilities are endless, and people communicate a lot about themselves in the rules they choose to follow or break.
100%, especially while driving as you say. When teaching my daughter driving I tell her to watch for people other people breaking the law/bad driving in other ways and distance yourself from them. The probability of them doing something else stupid in the next few minutes when your in their vicinity approaches unity, and it reduces your chances of being what they hit.
Locks raise the cost of bad behavior, which makes it less likely. They can still be quite meaningful to someone who breaks those promises, if that person doesn't have the tools or time to defeat the lock, or is just plain lazy.
I live in a pretty low-crime area. From time to time, residents complain about things being stolen from their cars. Every single time that I've seen, the cars have been unlocked. A thief certainly could smash a window to steal from a locked car, but the thieves around here seem to be opportunistic and won't go that far.
And a larger lock pick tool does pretty much zero in the case you listed as that is not opportunistic. Those are pretty much the open up and steal when they see an unlocked car kind of people.
It does nothing for the type of criminals that work in groups and steal tires of 50 cars at once, or whatever soup de jour of automobile parts they want at that moment.
My point is, locks do more than just keep honest people honest, and they are meaningful to some people who are up to no good.
I wasn't addressing picks at all. My opinion there is that it's the lock maker and lock owner's responsibility to resist picking, and the rest of us have no obligation to keep it more difficult by not making tools.
I don't think even the non-3d printed commercial ones are for law enforcement purposes.
Besides being for fun, the main draw seems to be that it picks the lock _and_ gives you the bitting. So if you lose all your keys, your locksmith is now in and can easily remake keys without swapping out the lock core.
There may be cases were it's (much) cheaper to pay a locksmith to stand there for ten minutes and spend a few minutes at a key machine, rather than pick a lock in 30 seconds and spend 10 minutes installing a $100 high end lock cylinder.
Given that the locks are so pickable anyway (any causal perusal of YouTube will reveal as much) I think lock picking is something of a community service to let people know that locks are, and probably have always been, to keep honest people honest.
They also allow you to distinguish legitimate operations. Maybe that armed guard isn't sophisticated enough to realise that your ID is fake, but they do know that you're supposed to use a key to open these lock, you were not supposed to turn up and smash one open -- which means that maybe you're not who you say you are after all and best you stay right there while they call somebody.
Easy picks can mess with that. If I can open this with my tools in two shakes of a lamb's tail because the tolerances are far too big probably that guard doesn't notice, whereas if I'm there heaving and grimacing for ten minutes, or I need a sledgehammer or an angle grinder, they'd have to be completely moronic not to realise I'm not on the up-and-up.
I can kinda buy the justification but I dont think the solution will get adoption. The TSA will cut the TSA-compliant locks if it will take the agent longer to find the key than it will to find the cutter. Or at least that's what the airline employee told me when I asked why my compliant lock had been removed. Law enforcement are not going to settle for a 5 minute skeleton key.
The creator doesn’t mention anything about helping law enforcement. They mention cheap off-the-shelf tools that could do a better and faster job than this robot. There are many reasons pick locks, including it being a hobby.
I don't see how this would bypass the need for a warrant. It'd allow for picking the lock rather than breaking it when you _do_ have a warrant (and whoever has the key isn't available or isn't cooperating).
I have seen cops use lockpicking guns while serving warrants. I would much rather them do that then break the door down. Hopefully projects like this can make this better. Even though it’s cool enough on its own to exist just because
Even if the person is stone guilty I don’t think the police should be willy nilly destroying property in the process of serving a warrant.
I know much of the focus is rightly on increasing accountability for the damage done to humans, but I always cringe at the thought of how much damage they can cause while performing a search. Imagine if your kid, or roommate had a warrant and they came in, smashed all your drywall and left you with the bill.
> I would much rather them do that then break the door down
The fact that law enforcement isn't responsible for damages during a search is problematic. When it's done somewhere when they've screwed up the address is even worse. "oops, sorry" should not be enough.
Ah, that leaves us where we are now: able to recognize excessive force and excessive damage, but lacking the ability to punish the people responsible, who also decide not to pay victims anything.
Eh, its more that any one security tactic will almost certainly not cover the entire threat space.
Locks are very good at discouraging honest people and lazy, opportunistic people. They are not very good at discouraging generally skilled and motivated people, or people who are specifically interested in what's behind a specific door.
Locks are no obstacle if the intruder is willing to use social engineering. But if all they're trying to do is get into my garden shed, they're going to have to manipulate me or my spouse. Or somehow get past my dog. Meanwhile, my dog has absolutely no bearing on a bad actor getting access to my bank account. But similarly, bringing the full might of the best electronic security to bear to protect a chainsaw and a rake seems a bit excessive. And sort of beside the point, since I've not built my garden shed to withstand creation of an additional door (by e.g. a sawzall or a fireaxe).
> But if all they're trying to do is get into my garden shed, they're going to have to manipulate me or my spouse.
You can cut virtually any padlock with a battery powered angle grinder or battery powered hydraulic bolt/rebar cutters in under 30 seconds, there’s hundreds of YouTube videos that demonstrate it if you want to see for yourself. Lithium-ion battery powered tools changed the game.
Locks do not provide real physical security, they just keep honest and lazy people out.
Two of them in total, if I counted right.
I registered my first account in 2011 or so and even then it had plenty of "pro-big corporate" energy here.
Now, the robot is hardly something you put together between dessert and coffee. Someone building this must have a live for hardware and lockpicking is just a pretext.
And think about the cats!
We are made to be technical tinkerers, playing with tech, seeing if sending that input to that program will crash it. I see it not as a moral issue but as a technical skill, to understand how to work with systems, explore what doesn't work. That way you gain skills in how to make things work better.
This site stopped being Startup News just like Facebook became the 'metaverse' overnight.
> In the sense of the word that means people who write code, not people who break into things
Hopefully these people do realize that a lock is a promise saying "you belong to a society, be nice". They do very little beyond that, especially these days with small, powerful powertools.
Maybe when attacking a padlock on a highschool locker, or the door on an amazon-basics "safe", but try attacking something not primarily designed to be cheap/light. Try cracking the door on a money safe at a substantial business, a safe approved by an insurance provider for the storage of large sums, Even an ATM will resist power tools far longer than it will take the cops to show up.
It'll also spit in your face with a paint that's incredibly hard to wash off.
Instead of assuming the person you're chatting with is talking about slavery, and then when they clarify they're not talking about slavery, and you saying that it could be about slavery, you could just as easily say, "oh I misunderstood you". Sometimes humans have misunderstandings. Languages are messy. Just let it go.
Your agreement is irrelevant. Have you registered for selective service? Paid taxes? Have a drivers license? Check youtube for "sovcit traffic stop" to see what happens when people think they can live independent from the rest of society. The Amish must obey traffic laws just like everyone else.
>> Also I'm free to leave.
Nope. Many an american has fled to canada to avoid taxes/draft/jail. They are caught eventually. Citizenship is not property. You cannot just set it aside when you dont agree with its obligations. There is a process for leaving. It isnt short, easy, cheap or in any way guaranteed.
The parity bit gets immediately unreliable.
You're free to leave only if another country accepts you which is not a given.
This is not true.
The modern acception focused on online computer security came much later. That meaning is neither the one used in the name of this site nor the one that would be relevant to this conversation.
To summarize: today's hackers are also yesterday's hackers, but yesterday's hackers may or may not be modern hackers.
They did retract they record for its lack of objectivity.
> In the sense of the word that means people who write code, not people who break into things
It would be like if you were going over a list of pros and cons and when you got to the cons some guy was like "wow, you work with criminals, huh?" Then you tell him not that sort of con and he says "yeah, typical nerd bickering".
C'mon.
"One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations."
Pick a fight with a room full of pedants snicker snicker.
But… does it do commentary like “one is binding”, and does it try twice to see if it was a fluke? :)
It could do the "what I have for you today ..."routine though!
Or McNallyOfficial's.
[0] Blog about it: https://joeleb.com/safe-cracking-robot-defcon/
[1] Defcon video: https://www.youtube.com/watch?v=v9vIcfLrmiA
https://github.com/etinaude/Lock-Picking-Robot/tree/main/ima...
I was surprised that those thin copper wires can actually push the pins up, I thought they would slide off to the side or compress themselves against the more solid/rigid pins.
They are a kinetic attack on the pins, but they don't shear or shatter them.
On the mechanical side there would certainly be some challenges (having to work within a key that's all the deepest cuts, using something that could push up to "shallowest cut" level without deforming, general structural strength problems) but once you had a viable insertable key portion built you might be able to read a lock based just on the amount of spring resistance at each pin. You could also provide tension while probing for pins under tension. If covert agencies don't already have pretty portable devices like that it's because they don't care enough to create them not because of some true technical problem with doing so.
I wonder what makes it take a minimum of 0.7s per combo, it seems like it could be sped up substantially.
The devil is in the details though, there are some subtle features that need to be incorporated into the mechanics for the sputnik to work right. I have built a sputnik from scratch before, only after talking to Oli Diederichsen at a LockCon did I get some additional clues.
Also, I think there are plenty of other interesting things one could do besides brute forcing the lock with a simpler tool. Falle Safe has a single-wire variant on this for decoding locks. Again, the devil is in the details, just ramming wire up a pin stack doesn't get the job done.
[0] Lock bumping (Wikipedia): https://en.wikipedia.org/wiki/Lock_bumping
A friendly competition to see who can build the fastest robot that can open a small range of the most commonly used locks.
Those darn electrocutor locks! Best laugh this week :D
Maybe like this wild machine: https://youtu.be/CLcOZhq2GjQ?si=LJktKRzeHPRyXcXR&t=155
Great work by the author.
Somewhat less impressive than I was expecting. The wire idea is neat though.
Or discover when locks are built really badly: https://www.youtube.com/watch?v=yeDcOhWvq7I
Further, while standing somewhere for five minutes may be obvious in some situations, there are many cases in which it wouldn't be obvious at all, or the response time would be great enough that this could still be quite useful to bad guys.
Finally, "security through counting on slow hardware" is probably even worse than security through obscurity.
Law enforcement can use pick guns, which will open a large majority of door locks, if they don't want to just use a battering ram for some reason.
There are a ton of legitimate reasons to use lock picks, though - being able to use a pair of paperclips, or office supplies, can get you into network cabinets in a pinch, or if you lock your keys in your house or car and have a pick kit in your wallet. If a friend has an emergency and they know you can do it, it can save locksmith fees. Kids can lose keys in astonishing ways.
And the hobby is fun - it's manual dexterity, skill, obscure technical knowledge, and you gain an appreciation for all the lockpicking content out there, and get to see the brazen plot devices when movies portray lockpicking in ridiculous ways. There are engineering attempts at creating unpickable locks with some awesome youtube videos, with engineering geeks creating elaborate locks and shipping them to the lockpickinglawyer or other content creators.
It's also important from an educational standpoint. Knowing how secure you are is important, because assumptions can lead to tragic results. If you have a glass door, it doesn't matter if you've got a million dollar unpickable lock. If you know how trivial it is to open most padlocks, and what form factors of locks are most susceptible, you can make better decisions about securing storage units, trailers, outdoor gates, bikes, and so forth.
A device like this is a novelty, not a serious security threat, and I'd argue the threshold for building it exceeds the threshold for which there are a thousand other trivially accessible ways of bypassing a given lock. There are tools similar to this device in spirit, in which you set pins for a key type manually with the key inserted, and with a little practice, will get you through a door in under a minute.
Start here and enjoy! https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ
Rayleigh criterion: to resolve an angle of 4E-6 rad (key bitting step is 0.015inch =~0.4mm , two blocks is 2 * 200ft =~100m), you'd need a ~140mm aperture lens. Can you really buy one (with a camera no less) for $200?
Anyway, locks and keys are inconveniences that keep people from casually abusing civil boundaries, is the point, and not all reasons for overcoming those are nefarious.
A covert camera placed near the keyhole is probably a better solution anyway, because most people don't flash their keys when just walking on the street (maybe when unlocking a car, but with keyless that's becoming rare).
I suppose serious defenders will need to get an EVVA MCS, if that's their threat model :-) Just don't let the really serious lockpickers near the lock with a contact microphone.
https://www.evva.com/int-en/products/mechanical-locking-syst...
I see comments like these all the time on Reddit and Hackernews. Hackers are like, "locks aren't security, a sledgehammer breaks them" and it appears to betray a mental threat model of "what if the cops want my thing" and never "what if someone wishes to do me harm while I am in my house" or "what if a criminal wants to not get caught taking my things" or "what if someone wants to lie in wait in my house", which are not risks to these commenters. They are to a lot of people though.
This isn’t the movies. 99% of the time people need their own lock picked because they lost they key
- lock picking hobbist
- snap gun
- sledgehammer
And you simplified their comment to "locks aren't security because a sledgehammer breaks them" then proceeded to describe threat models where a sledgehammer doesn't work in detail. It's not a very constructive discussion.
You need more than that to prevent theft. They are like the first layer of an onion.
Lock companies put out a lot of advertising to make it seem like their products work far better than they actually do.
Ninja assassins are low on the list of possible threats, but never zero.
The biggest risk to me personally is the junkies and porch pirates, so signs and out of reach and very visible cameras have gone up to make them uncomfortable and feel too paranoid to mess with the locks.
They keep honest people honest and give a few moments more work to those that are dishonest. It's a promise to society that you'll act decent. Needless to say they mean nothing to those that break promises.
In almost all cases, with a lock or not, by the time you figure out the lock is broken (10 minutes or 10 days) your shit is long gone and you better have your security onion setup with multiple layers if you want the foggiest idea what happened.
If you have an above average risk of having your shit stole or becoming under attack you better have a whole shit load more layers in your defense or you're screwed.
100%, especially while driving as you say. When teaching my daughter driving I tell her to watch for people other people breaking the law/bad driving in other ways and distance yourself from them. The probability of them doing something else stupid in the next few minutes when your in their vicinity approaches unity, and it reduces your chances of being what they hit.
I live in a pretty low-crime area. From time to time, residents complain about things being stolen from their cars. Every single time that I've seen, the cars have been unlocked. A thief certainly could smash a window to steal from a locked car, but the thieves around here seem to be opportunistic and won't go that far.
It does nothing for the type of criminals that work in groups and steal tires of 50 cars at once, or whatever soup de jour of automobile parts they want at that moment.
I wasn't addressing picks at all. My opinion there is that it's the lock maker and lock owner's responsibility to resist picking, and the rest of us have no obligation to keep it more difficult by not making tools.
Besides being for fun, the main draw seems to be that it picks the lock _and_ gives you the bitting. So if you lose all your keys, your locksmith is now in and can easily remake keys without swapping out the lock core.
There may be cases were it's (much) cheaper to pay a locksmith to stand there for ten minutes and spend a few minutes at a key machine, rather than pick a lock in 30 seconds and spend 10 minutes installing a $100 high end lock cylinder.
Easy picks can mess with that. If I can open this with my tools in two shakes of a lamb's tail because the tolerances are far too big probably that guard doesn't notice, whereas if I'm there heaving and grimacing for ten minutes, or I need a sledgehammer or an angle grinder, they'd have to be completely moronic not to realise I'm not on the up-and-up.
Even if the person is stone guilty I don’t think the police should be willy nilly destroying property in the process of serving a warrant.
I know much of the focus is rightly on increasing accountability for the damage done to humans, but I always cringe at the thought of how much damage they can cause while performing a search. Imagine if your kid, or roommate had a warrant and they came in, smashed all your drywall and left you with the bill.
The fact that law enforcement isn't responsible for damages during a search is problematic. When it's done somewhere when they've screwed up the address is even worse. "oops, sorry" should not be enough.
FTFY
Security through locks doesn't work in the first place. At least not locks that can be picked by this robot. Pick gun is a thing.
Locks are very good at discouraging honest people and lazy, opportunistic people. They are not very good at discouraging generally skilled and motivated people, or people who are specifically interested in what's behind a specific door.
Locks are no obstacle if the intruder is willing to use social engineering. But if all they're trying to do is get into my garden shed, they're going to have to manipulate me or my spouse. Or somehow get past my dog. Meanwhile, my dog has absolutely no bearing on a bad actor getting access to my bank account. But similarly, bringing the full might of the best electronic security to bear to protect a chainsaw and a rake seems a bit excessive. And sort of beside the point, since I've not built my garden shed to withstand creation of an additional door (by e.g. a sawzall or a fireaxe).
You can cut virtually any padlock with a battery powered angle grinder or battery powered hydraulic bolt/rebar cutters in under 30 seconds, there’s hundreds of YouTube videos that demonstrate it if you want to see for yourself. Lithium-ion battery powered tools changed the game.
Locks do not provide real physical security, they just keep honest and lazy people out.