Getting Started with Lockpicking (yaelwrites.com)
112 points by zdw on Jan 17, 2022 | 40 comments


It's entertaining watching the Lock Picking Lawyer's videos. He's very good. And far too many locks are embarrassingly bad.

Lockpicking ought to be exponentially hard. You should have to try all the pin position combinations. Something like 5^6 for a 6-pin cylinder. But in practice, it's not much worse than linear. You can tell when you're making forward progress. That's considered a total fail in a cryptographic system, but is accepted in the keyed lock industry.

The guy with the Stuff Made Here videos did make a lock that is not supposed to let you know if you're making progress. That makes picking exponentially hard again. The info the key provides is recorded mechanically, and then, as you turn the key, that info is later tested with the cylinder in a position that blocks access to the mechanism. That isolation between "read key" and "test key data" is what makes it work. He has an elegant, reasonably compact design, although it turned out to have other vulnerabilities. If you were willing to have a big box of a lock inside or behind the door, like many 19th century and earlier locks, this would be much easier to build.

As locks wear, they become easier and easier to pick. Heavily worn pin-tumbler locks can be opened by almost anything that randomly moves the pins up and down while you apply some tension. Rakes, vibrators, etc.

Many electronic locks are vulnerable due to putting the electronics that makes the decision to open on the outside, where it can be tampered with. You'd think the outside would just have a keypad or sensor, with all the good stuff behind the door, but all too often, no. Also, most electronic locks come with a mechanical backup lock, usually one that's not very good.
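The gap between "exponential" and "linear" described in the comment above, as an added example that is not part of the thread: a toy model in which one lock reports progress and the other only says open or not. The class and function names are hypothetical, and the "leading pins set" signal is a simplifying assumption, not a model of a real cylinder.

```python
import itertools

PINS, DEPTHS = 6, 5  # the comment's "5^6 for a 6-pin cylinder"

class ToyLock:
    """Constructed model of a lock; the secret is one depth per pin."""
    def __init__(self, secret):
        self._secret = tuple(secret)
        self.tries = 0

class LeakyLock(ToyLock):
    """Tells the picker how many leading pins are set: progress feedback."""
    def attempt(self, guess):
        self.tries += 1
        set_pins = 0
        for g, s in zip(guess, self._secret):
            if g != s:
                break
            set_pins += 1
        return set_pins

class IsolatedLock(ToyLock):
    """Reads the whole key, then tests it out of reach: open or not, nothing else."""
    def attempt(self, guess):
        self.tries += 1
        return tuple(guess) == self._secret

def tries_with_feedback(lock):
    """Solve one pin at a time, keeping each pin once the lock confirms it."""
    guess = [0] * PINS
    for pin in range(PINS):
        for depth in range(DEPTHS):
            guess[pin] = depth
            if lock.attempt(guess) > pin:
                break
    return lock.tries

def tries_without_feedback(lock):
    """No partial signal, so every full combination must be tried in turn."""
    for guess in itertools.product(range(DEPTHS), repeat=PINS):
        if lock.attempt(guess):
            break
    return lock.tries

if __name__ == "__main__":
    worst = (DEPTHS - 1,) * PINS  # last combination in enumeration order
    print("with feedback:   ", tries_with_feedback(LeakyLock(worst)))
    print("without feedback:", tries_without_feedback(IsolatedLock(worst)))
```

The same reasoning is why secret comparisons in software are written to reveal nothing about how much of a guess was correct.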


For the majority of applications, locks are for "keeping honest people honest". With the right tools most locks take seconds to circumvent, think breaking a window, cutting the steel, drilling out the lock. For situations where it actually matters, professionals know to secure elsewhere before the actual lock is considered.


I mean, ideally you have a breaking break-in so that you have evidence for the insurance that you have, in fact, been broken into. Best to have a lock that is easier to break than to pick IMO. But yeah, the base premise is that it should avoid crimes of opportunity. Like the steel cables to lock laptops and screens to tables; they won't stand up for a pair of sturdy snips, but they can't be snatched up quickly.


For people willing to commit insurance fraud putting a few scratches on the lock and door to make it look legit isn't really that much of an effort. Are insurance companies actually conditioning their conclusion based on this kind of evidence?

The real value of a lock that's hard to pick is that it forces the burglar to carry more tools and use noisier, time consuming methods. All of this makes the break-in far more obvious and detectable much faster by neighbors, or anyone really, even the owner.

And you want to make the job harder and riskier for the burglar so the bar is higher for how willing they must be to go through with the job.

Most burglaries are "blind" ones, meaning the burglars have a reasonably good idea of the job's value and difficulty level. So if you have a lot of valuables you have to do your darnedest to raise the job's difficulty: make the break in take time, be noisy, and generally draw attention, or forcing the robbers to leave a lot of evidence behind.


Not the comment you replied to, but the parent comment.

I agree with what you said, but I wanted to put in the context of what I wrote. Unless your windows and doors have actual anti-burglar features, the lock doesn't matter at all. A large screwdriver is often enough to force a window open and a pry bar will make short work of a door. Not until those have been properly secured does the lock matter. And according to some insurance companies in Denmark, thieves do not pick locks anyway. They use a method of force.


There is no point making a lock more secure. No one actually picks locks other than for fun. They just cut them or hit them with a hammer. That custom design lock shows a lot about why we don’t have ultra secure locks as it takes an insane design with huge numbers of moving parts which aren’t so reliable and extremely expensive to produce.


One interesting case of "locks" getting less secure is for bank bags. On one of the recent LockPickingLawyer videos he talks about how these bags are easy to cut through but that's not usually an issue because they're mainly designed to be tamper-evident. Using a real lock is more of a risk so many banks are switching to an adhesive seal instead of a zipper-lock.


I mean... the alternative is to just drill/break the lock, or break down the door. The only added benefit to lockpicking is that it's harder for the owner to notice that the lock was picked/door opened, but if your plan is to steal an xbox, there are much easier and more efficient (...and destructive) ways to do it.


I'm no lockpicker, but a fan of the LPL. To me a very simple solution would be to have 2x keys required to be turned simultaneously. Since picking requires tension and probing, no human should be able to pick two spots at the same time.

Then again, as a noob I suspect there may be a very simple reason why this isn't implemented.


I think you'll like this video: https://www.youtube.com/watch?v=Dd-ZIIcgzPI.


I'd note that for a motorcycle disc brake I wouldn't complain about this.

If it takes a lockpicking artist more than a minute to pick it while being able to move it around in three dimensions it would take some time on the street too.


Totally. I don’t think LPL really evaluates the rest of the lock either. How is the drill protection? How does it hold up to an angle grinder?


I think he sometimes cut the cord on some devices just to prove that that is even simpler. Or is that someone else?


>Then again, as a noob I suspect there may be a very simple reason why this isn't implemented.

Not everyone has two hands or all fingers for a good grip? I have made the interesting observation that on very cold days my fingers are sometimes too numb to turn the key around in order to unlock the door. I then need to use both hands to turn the key to get inside my apartment to warm up.


LPL had a lock like that and he still managed to pick it.


I have no proof but I suspect the LPL practices on the lock before recording the video so it looks effortless.


In some I'm sure he does, but there are some videos of him receiving a sealed package and opening the package (and the lock inside) in a single take.

Like this one: https://www.youtube.com/watch?v=NSuaUok-wTY


Who's to tell he didn't send the package to himself? I'm probably too cynical...

I find it odd he hasn't ever found a lock that would defeat him (I didn't watch all his videos though).


If you have sustained access to any lock (and have the skills/tooling) it's only a matter of time. It will only slow down a determined attacker. It's entirely plausible there is no lock that could defeat him.

That said, a good security system will have multiple (nested) zones and multiple controls to defeat in each zone - picking a lock by itself should not be enough to gain access, and you should not be able to get to the lock to begin with without being spotted or setting off alarms and triggering a police response.


I learned lock picking at Defcon in the lock pick arena. They had tools, clear locks, and locks with 1 pin, 2 pins, etc. all the way to 6 pins. And of course you could buy a set of picks right there, and just hope the TSA didn't find them on the way home.

These are the kinds of things I miss now that conferences have gone virtual for now. I hope they return to in person when safe, or at least a hybrid model going forward.


I had that exact experience in 2021 at DEF CON, I was attending the physical part of their hybrid format and it was quite awesome and felt relatively safe.


Great post and resources.

I'd personally found that picking never stuck: Something between understanding the fundamentals and individual pin picking that my brain refuses to handle.

With that said, I discovered impressioning, which I find infinitely more tactile, interesting and exciting.

As you say, there's almost infinite space for evolution.

For next steps, I'd highly recommend this book: https://www.amazon.com/Little-Black-Book-Lockpicking-Profess...

It's written by a friend who teaches picking to hobbyists, locksmiths and LEA.

If you're in Europe, we also just launched https://lock401.com - highly curated collections of lockpicking tools.


As I see it, the real purpose of locks is not to prevent theft or entry but to keep people honest by introducing some friction.


A string with a knot and "do not enter" sign also provide some friction. I don't see it as a justification for modern, widely-sold locks to be that poor.

People buy these believing it's actual physical protection, yet it's usually not.


I've enjoyed learning, inspired by DeviantOllam and LPL. The clear practice locks are amazing for getting you used to the process. I haven't managed to pick anything that isn't see-through yet, but I enjoy trying.

The highlight of my "career" though was when an escape room we played had an optional lockpicking challenge. It turned out to just be a clear practice lock which I got through with no trouble, and then proceeded to pick a pair of handcuffs that apparently I wasn't supposed to pick. I had never tried before, but it really was as easy as it looks on TV. (They gave me a lockpick but apparently I'm not supposed to use it? There was an actual handcuff key inside one of the other locked boxes.)


For those people in the UK, snapping the lock is supposedly the most common way of burglars getting through doors.

This involves (as the name implies) just twisting the lock if it sticks out, or using a blowtorch to melt the handle, or just snapping the handle off to get a purchase on the lock; see https://www.youtube.com/watch?v=JBqHryHXSj8

Btw, LockPickingLawyer did a review of, imho, one of the better locks to protect against this, and it is reasonably pick proof (he had no negative comments!!): https://www.youtube.com/watch?v=nOakyPgrpyw. That is the lock I have (I'm not affiliated in any way).


When I was a kid, people would bring a hammer and a screwdriver or wrench to a set of lockers. One guy moves down the line sticking the metal bar through the lock and smashing it with the hammer to pop the lock open, the rest of the guys clean out the lockers, then everyone runs (they would abandon the tools which were probably also stolen). Not sure what they would actually get away with but things like Sony Walkmans and other valuables (e.g. expensive coats) would be stolen all the time.


Reminds me of when I/we lost all the keys to the panel locks on a server frame.

My colleague was asking how do we get new keys. I then showed him the easy way and put a large long flat screwdriver into the lock, another screwdriver through the hole in the handle, and turned it effortlessly, twisting the whole lock and opening it.

He learnt that there was no real security there.


I mean, while traumatizing and probably not covering the cost of stolen goods, at least there'll be enough evidence for the insurance to cough up.


Somehow my 11 year old got interested in lockpicking (maybe happened upon LPL?). So I got him a kit consisting of a clear-bodied lock and picking tools. He had mastered it within a couple of hours. Then he taught me. And since then we've picked every padlock and door lock in our house. The biggest and meanest looking ones turned out to be all bluff and the easiest to pick. I hadn't thought that it might be illegal where I live. Maybe better check.


Illegal to pick your own locks? Huh?


Not sure, but owning lock picking tools might be illegal. But as I have since learned, many locks are easy to pick with a paper clip.


The article links a handy explanation of the legal issues.


I wanted to pick that as a hobby after binging on LPL. Unfortunately, even owning lockpicking tools in my country is a crime according to the law :(


Which country is that? Japan?

https://en.wikipedia.org/wiki/Lock_picking


Per the link, it’s also a misdemeanour in Poland, and illegal in England unless you’re in your own home.


Correct, in Poland formally even owning lock-picking tools is illegal when you are not a certified locksmith. Which is a bit funny because buying those on Aliexpress and similar sites is very popular.

Recent law changes make it illegal to own an ammunition shell. I have had one huge artillery shell as an umbrella holder at home, hope my parents got rid of it.


Poland


Speaking as a guy who used to break into stuff for fun and exploration, lockpicking is a primary skill and the #1 best way to get through doors. Used it a hundred times. Only busted a door once, but that was a special situation.

Tension wrench and triangle rake. Works 80% of the time. And if that fails there's usually more doors to try.


I've been told that locks are for the "honest people so that their conscience does not wander" while a determined robber does not care about your defences.



