Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Which lock that you buy that a locksmith can't unlock?


>Which lock can you buy that a locksmith can't unlock?

"Unlock" is the key verb here, and any good safe should have that property to as great an extent as possible within its economic target. There is a critical distinction to make between the ability to "unlock" something and the mere ability to "gain access" it. While both ultimately yield up whatever is being protected, part of the core concept of "unlocking" is that it's non-destructive and trivially reversible, and thus to some extent provides some of the services of checksumming to the real world. It's not merely about preventing unauthorized access, but knowing about unauthorized access that couldn't be prevented. Any decent locksmith should be able to access any standard safe (that's their whole job) without any keys, but for a good safe that should require physical bypass (such as drilling, mechanical or energetic application, etc) to be involved, which will leave marks. In a legitimate scenario that's fine, because legitimate scenarios (including the government getting a warrant in an investigation) are not covert. As always in security an adversary with access to and willingness to use sufficient resources may be able to figure something out, but to point is to make that a bar sufficient to whatever level that situation needs.

If an electronic lock makes it trivial though to not merely gain access, but for non-owners to "unlock it", ie., to access with a speed and transparency equivalent to that of a legitimate operator, then that is actually a different and more concerning threat profile no matter what the case. As another example, it's certainly hardly an unknown threat that somebody could trivially smash the windows on a typical car to gain access to the interior. But that doesn't mean someone shouldn't be concerned if a newer car with an electronic lock can be trivially made to unlock in a way that's indistinguishable from the owner. There is a risk/reward economic difference that in turn changes the security threat profile.


I didn't choose the term "unlock" randomly... I know that they can unlock most locks without leaving any evidence behind (maybe even all locks)... which is why I asked this question.


Spend some time on bosnianbill's Youtube channel and you'll definitely get some tips. In particular, I'd recommend these videos:

Buying Security: https://www.youtube.com/watch?v=u_7GLxmyaXM

Choosing a high Security Lock: https://www.youtube.com/watch?v=nsJZ_kKjXcE

(Be ware of about 2 minutes 30 seconds of sarcasm in the last one!)

Otherwise, browse through the rest of his videos, skipping the challenge locks unless it's something that fascinates you: https://www.youtube.com/user/bosnianbill/videos

Essentially, cheap locks can be bypassed very easily (almost anything by Masterlock). More expensive locks ($60+) will have more pins, making them harder to pick, and often have replaceable cores. Of course, security isn't just about the lock, which is addressed in the first video.

Hope this gives you a starting point!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: