Modifying an older Corbin for pick resistance

[FarmerFreak]

That seems cool and all but you have defeated the purpose for which the cylinder was designed...

By locking the inner plug to the outer master ring all you have is ONE shear-line now with all the things you have added to it...

I think you missed something.

The temptation to make this lock extremely difficult to pick overwhelmed me. So the first thing I did was add a pin on the side to "loosely" lock the inner core and the master sleeve together. This made it so you had to pick the outer sleeve to get the lock to turn.

At this point it was very easy to pick the inner core, which will turn about 4-5 degrees and stop. And then if you didn't know better you would think that you made it to the spooled pins, halfway there, except all the pins are actually set to the bottom shear line!! Such a nasty little deceptive trick.

It is very important that the inner core be allowed to turn a little bit while the outer core stays locked. But in such a way that it cannot be turned separate from the outer core.

I hope you have modified the cam interface on the back of the cylinder, like they are covered on a Medeco high security cylinder for obvious reasons...

Have you also added drill protection to the keyway area of the cylinder ???

Nope, and nope. This lock was only set up to test the pick resistance, and to give me the experience of what it might be like to pick a lock like this. This was never intended to actually be put in use. Not that I would be opposed to the idea, but does anybody really have a lock that still uses this size of cylinder?

[Evan]

@FarmerFreak:

I didn't miss anything, I can see that you have improved the pick resistance of this cylinder... I am particularly interested in your milling the upper driver pin chambers to a larger size and using the Medeco pins with holes drilled in them for a second spring as a means of preventing key bumping... But your modifications have also basically made the reason for which this type of cylinder was designed for moot since you now have a lock with only one functional shearline (the outer ring)...

A master ring cylinder was designed for the ability to key change keys to the inner plug (only one key or a small few keys) and master keys to the outer ring and not need any direct relationship as far as the cuts on the change keys and master keys in the same chamber of the lock since build up pins are used to key from the lower pin stack height in the inner plug of a chamber up to the master ring... In a master ring cylinder you would have the change key bottom pins in the plug (using master pins at the plug only for cross keying) and then use build up pins to raise the stack to the shallowest master key cut at the ring shearline using master pins there to make the deeper keys work... That would mean that you could even use reverse parity and have your change key cuts jump from 0,2,4,6,8 to 1,3,5,7,9 under master keys with even cuts, expanding the size of the possible system you can create using the cylinders...

Master ring cylinders are useful mechanisms for asymmetric master key systems where you need vastly different numbers of change keys under different master keys in the system... In fact any change key can be used under any of the master keys in the system... These cylinders allow for many more possible master keys for extensive selective master keying if you need or require that capacity without needing to have the keys share the same cuts as you would in a conventional single shear line cylinder...

The cylinders by design also frustrate the Dayton method of reverse engineering a master key (made famous by Matt Blaze's paper on rights amplification) since possession of a change key would only help you manipulate the inner plug shearline and not the master keys at the ring shearline... They are also able to eliminate many "phantom keys" due the design since master cuts only work at the ring and change key cuts only at the inner plug... So having a key with some cuts from each won't operate entirely at either shearline...

The only shortcoming I see with the original design of these cylinders is that they don't use grub screws to load the chambers from the top, you have to pry out the metal spring cover to load them from the top and then carefully re-seat it if it can be reused or you need a new cover every time they are rekeyed... Also choosing to use these cylinders means you are forced to use only certain compatible hardware offered by Corbin-Russwin namely the ML2000 series mortise locks from which a few options and trims styles in the hardware series are excluded when you specify master ring cylinders... Unit locks which use a different type of master ring cylinder and certain exit devices which are available with trim operators which are compatible with master ring cylinders are also options when using master ring keying systems... Even with all of those drawbacks you are able to create very unique keying systems using these cylinders and you have yet to factor in multiplexed keyways into the equation...

So with that in mind I was asking why you would eliminate the ability of the inner plug to rotate 360 degrees and locking it to the master ring... It defeats the purpose for which it was designed...

You have many good ideas here with this cylinder which as you clarified was only ever intended to be a practicing dummy and not ever used in a lock to secure a door... Since if it was ever used in real life and it became apparent to a person attempting to pick it they would likely move on to other lock bypassing methods to gain entry...

Here is a sincere question for you since you have invested a lot of time in taking this cylinder apart to study it and brainstorm about your modifications to it, other than the bump resistance feature you have added how would you alter a master ring cylinder to improve pick resistance yet allow it to continue to have two independently operating shearlines...

~~ Evan

[FarmerFreak]

So with that in mind I was asking why you would eliminate the ability of the inner plug to rotate 360 degrees and locking it to the master ring... It defeats the purpose for which it was designed...

From a purely lock picking stand point. The original design was/is flawed because it is designed to be masterkeyed. Which is always completely pointless for pick resistance. So I changed it so it intentionally shouldn't be masterkeyed and made it harder to pick... Why? Because I can and it was fun.

Here is a sincere question for you since you have invested a lot of time in taking this cylinder apart to study it and brainstorm about your modifications to it, other than the bump resistance feature you have added how would you alter a master ring cylinder to improve pick resistance yet allow it to continue to have two independently operating shearlines...

The more shearlines in a lock that don't allow the lock to open, in and of themselves make a lock harder to pick.

A standard lock for example has one shear line. It's simple, as you find the binding pin you lift it to the first and only shear line that the pin clicks at and move on to the next pin until it turns.

However a lock that has multiple shear lines isn't so simple. First you find the binding pin, then lift it to "a" shear line. The question now is. Did you set it to the correct shear line? How will you know if you set it to the correct shear line? The way this lock is now set up, if the pins are all set at the wrong shear line it will turn a little bit. The effect is very similar to a spooled false set. With one very big difference. There is nothing to give it any counter-rotation when trying to lift the pins up, because they are correctly set albeit to the wrong shear line.

[98AB49DC5A]

This is really an amazing design. The only attack I think would work better than brute force search of the keyspace would be a precision measurement attack, similar to how you crack combination locks. with that you could open it a bit faster but It's probably out of reach for the average burglar. amazing design.

[Evan]

This is really an amazing design. The only attack I think would work better than brute force search of the keyspace would be a precision measurement attack, similar to how you crack combination locks. with that you could open it a bit faster but It's probably out of reach for the average burglar. amazing design.

Really ?

That sounds like it would take a lot longer than a strategically located application of the motorized "rotary" pick tool...

~~ Evan

[FarmerFreak]

This is really an amazing design. The only attack I think would work better than brute force search of the keyspace would be a precision measurement attack, similar to how you crack combination locks. with that you could open it a bit faster but It's probably out of reach for the average burglar. amazing design.

Really ?

That sounds like it would take a lot longer than a strategically located application of the motorized "rotary" pick tool...

~~ Evan

If it makes you feel any better. We could always install a 1" thick hard plate over the front of the lock. We'll have to make sure that part of the hard plate can rotate with the cylinder and only has a slot in it the shape of the keyway (yes the key would have to be longer to accommodate all of this). Then we will have to make sure that there isn't a slot in the cam in the back, or just more hard plate in the back of the lock somewhere between the last pin and the cam. And last but not least, add an Anti drill chemical/pyrotechnic relocker (because that's a seriously cool idea).

Since that kind of stuff can get added to most of the cylinder ideas that we come up with. There isn't much point in talking about destructive entry when the emphasis is on picking. Is there?

Something to think about, anytime you or anybody else thinks about using a drill to get past something because it's the easy way out. The question is, does that hold you back? In other words could that hold your lock defeating skills back from being a great picker to only being a good picker, or from finding other non-destructive entry methods because the drill is always reliable? This isn't meant to be any kind of a personal attack on you or anybody else, just something to ponder over.

[Evan]

If it makes you feel any better. We could always install a 1" thick hard plate over the front of the lock. We'll have to make sure that part of the hard plate can rotate with the cylinder and only has a slot in it the shape of the keyway (yes the key would have to be longer to accommodate all of this). Then we will have to make sure that there isn't a slot in the cam in the back, or just more hard plate in the back of the lock somewhere between the last pin and the cam. And last but not least, add an Anti drill chemical/pyrotechnic relocker (because that's a seriously cool idea).

Since that kind of stuff can get added to most of the cylinder ideas that we come up with. There isn't much point in talking about destructive entry when the emphasis is on picking. Is there?

Something to think about, anytime you or anybody else thinks about using a drill to get past something because it's the easy way out. The question is, does that hold you back? In other words could that hold your lock defeating skills back from being a great picker to only being a good picker, or from finding other non-destructive entry methods because the drill is always reliable? This isn't meant to be any kind of a personal attack on you or anybody else, just something to ponder over.

In the non-Locksport world of locksmithing and facilities maintenance "time is money"... If you make a lock so difficult to pick or decode (in 99.9999% of in-house situations something has happened to the cylinder to prevent it from working no matter how you try to manipulate it, either from some form of vandalism or something that went wrong which can not be corrected through the keyway if no other means of entering the room is available so one can disassemble the lock to repair it) no one will waste the time in making any attempt to pick or decode it...

Only Matt Blaze would use the term "keyspace" or the phrase "precision measurement attack" because those experienced in "professional" burglary would not spend more than 5 minutes trying to pick open a lock when it only takes someone who knows what they are doing less time than that to extract even a high security cylinder from a door using the right tools and methods... The "average burglar" isn't going to have any lock tools and will engage in brute force entry techniques along the lines of battering in and/or prying the door open which will make a lot of noise...

Adding hard plate to a door to protect the outside of locks only slows someone who knows what they are doing down... There are tools available that can easily defeat such fortifications readily and many fire departments in large cities are well practiced in the science of entering through such reinforced doors very quickly... It all boils down to being able to understand what is going on with the locks from what you can see from the outside of the door and knowing what has to be done to get in through what is there in front of you... In the real world such reinforcement would only be added to an exterior door in a less frequently monitored area where brute force attacks would be considered a plausible risk...

I know that many on this website enjoy the picking skills they develop and the "solving the puzzle" aspect of learning how to manipulate locks... The logic that many here follow doesn't really apply to the world of employees that have to quickly fix something and move on to the next task because you already started the day several work orders behind where management anticipated you being at that point in the week and you have a co-worker out that day so no matter how hard you work you will still be behind at the end of the work day... That logic also definitely doesn't apply to the world of criminals who really don't care what they have to do to commit an act of burglary as long as they get a good head start before the people they have stolen something from notice that stuff is missing...

I think that the difference here is that you are brainstorming lock ideas which will never be installed in a door somewhere to be used in actual securing property... Picking a lock is much different when you are holding it in your hand versus when it is installed in a lock bolted in an actual door which is locked... Another aspect to this is that the "puzzle" you are considering is only consisting of the small portion of the larger picture which contains only the lock in it... There are different solutions out there which will arrive at the same goal but if I can permanently repair the lock in question by forcefully removing the cylinder and replacing it with a new one keyed up to the proper configuration for the door in question in 30 minutes and be done with it, why would someone who might have 10 other work orders for unexplained broken and/or inaccessible door issues spend 2 or 3 hours trying to solve the puzzle of a lock modified to be harder to pick ? The destructive methods used in business and by locksmiths might seem costly to you but the downtime while the employees can not gain access to the areas closed off by the broken or vandalized and therefore inaccessible doors are doing more damage to the operations of the business environment than destroying a few replaceable pieces on the door and restoring normal conditions quickly... It is a puzzle with vastly different pieces involved than the ones being considered by a Locksport enthusiast...

Case in point: I once had a door lock that someone (later determined to be a friend and co-worker of a recently terminated employee) super-glued to an office that because the occupant of the office didn't phone up facilities right away in the morning to report it as an "emergency" had resorted to smashing the one of the "lites" (panes of decorative glass around the door opening) to gain entry after waiting two hours and not having anyone up there to deal with his issue... That was a fun sacrificed lunch hour, spent cleaning up the mess of glass pieces off the floor, removing the bits of glass from the window frame and securing the opening rather than eating, that ultimately ended up with the employee in question (who was a rather important and "high up the food chain" manager) having money deducted from his paycheck to cover the additional damages HE did to gain entry to his own office... What would have only cost $100 in parts and labor to remove and replace the mortise cylinder had turned into an almost $1,000 job when all was said and done to deal with the temporary closure of the window opening with plywood barricades and ordering a piece of replacement glass of the correct size and type to be installed by the glass company we had under contract for that facility...

~~ Evan

[FarmerFreak]

I have to admit that some of your comments made me laugh. Maybe you don't know this, but I'm a locksmith and have been for the last decade. In the real world the ability to defeat a lock without destructive force saves a ton of time. You simply don't have to worry about the time involved in replacing hardware and can get on to the next job. I'm not going to say that there aren't times when a drill is necessary. And I'm not going to talk about other ways to bypass a lock or even how a criminal would do it.

But when it comes to being a locksmith and needing to get someone into something, destructive entry usually costs the customer more and makes it so your job takes longer. If it costs the customer more to call someone else than it does to call me, and the customer has to wait around longer than when they call me. The simple fact is they won't want to call the other person after they see what I can do.

Take a Kwikset smartkey for example. If a person is locked out. Most locksmiths will destroy the lock to gain entry, or use semi-destructive methods. And then they will likely need to replace the lock when finished. Yet I don't destroy the lock and can open that lock using a completely non-destructive method. It takes 4-5 minutes from start to finish. I'm not saying that they shouldn't have the option to replace the lock. But if all they wanted was to get in. Why be a jerk and break their lock? Sounds like a good way to lose customers.

[Evan]

I have to admit that some of your comments made me laugh. Maybe you don't know this, but I'm a locksmith and have been for the last decade. In the real world the ability to defeat a lock without destructive force saves a ton of time. You simply don't have to worry about the time involved in replacing hardware and can get on to the next job. I'm not going to say that there aren't times when a drill is necessary. And I'm not going to talk about other ways to bypass a lock or even how a criminal would do it.

But when it comes to being a locksmith and needing to get someone into something, destructive entry usually costs the customer more and makes it so your job takes longer. If it costs the customer more to call someone else than it does to call me, and the customer has to wait around longer than when they call me. The simple fact is they won't want to call the other person after they see what I can do.

Take a Kwikset smartkey for example. If a person is locked out. Most locksmiths will destroy the lock to gain entry, or use semi-destructive methods. And then they will likely need to replace the lock when finished. Yet I don't destroy the lock and can open that lock using a completely non-destructive method. It takes 4-5 minutes from start to finish. I'm not saying that they shouldn't have the option to replace the lock. But if all they wanted was to get in. Why be a jerk and break their lock? Sounds like a good way to lose customers.

But I wasn't discussing the issue of residential customers... Such customers are usually much more unreasonable about needing to destroy a lock and would rather watch you work for an hour feeling that they are at least getting their monies worth out of your service call fee...

I was clearly stating that commercial institutions often see wasting time as being more expensive than destroying a lock cylinder and replacing it... There are also rooms and doors in commercial buildings which have NO other alternative means of accessing the space behind the door and since the door and frame cost more to replace than the lock cylinder, the lock cylinder is the expendable part... Real commercial institutional facilities will often have boxes full of cylinders in stock sitting on a shelf ready to be keyed up to whatever to replace something which has failed or been vandalized... Especially if the lock system they are using had a minimum buy-in for a geographically exclusive security level...

It is good that you understand your market segment, although the lessons you have learned there are limited to residential applications and light commercial situations where there is not an institutional level
involvement of facilities management in play...

~~ Evan

[femurat]

Hey guys, we are in "The Open Source Lock" forum, let's talk about new lock projects and ideas, not lockouts.

I like this lock idea! I can't imagine how this puzzle could be solved...

Peace

[unlisted]

Enough with this "locksport/locksmith" comparison creeping into threads.

Lets keep stuff on topic, I don't mind seeing a line or two on comparisons, but when you have whole paragraphs/novels/multiple posts, it does get old- fast.


Thanks guys.


(further posts may be edited/deleted to keep discussions on topic)

[LocksmithArmy]

I think just using slightly larger holes on the top of the cylinder would make that happen.

Good call.

I like it.

The picture doesn't depict this too well. Just so everyone is clear. At the point where the larger diameter chambers get smaller, it should be beveled so the driver pins don't get caught and hang up.

so what im lookin at in this picture... with all the master pins you can easily pick the inner cylinder to spin it... i like this ides, spin the inner cylinder all day but you cant open the lock, youd have to mod the cam so it fits on the outer cylinder instead of the inner one to make it a workable lock. (yes i understand ur just playing with the picking aspect) so as a picking challange the picker is trying to remove the core?
or am i missing something on how this lock works?

[LocksmithArmy]

nevermind, i see whats up... but it gives me ideas

[FarmerFreak]

http://www.youtube.com/watch?v=mIQWIMyXgtI

[FarmerFreak]

Admittedly it does have one possibly serious non-destructive vulnerability in it's current state.

If all of the pins were lifted to a -1 depth (comb attack), the first 5 chambers would be lined up to the master ring shear line. The only thing preventing it from turning at that point is the 6th pin, which gets set to the shear line after the plug rotates 20ish degrees. However since that is the only pin preventing it from turning, the lock could theoretically be rapped on to bounce that pin.

So I have two ideas for dealing with this problem. Neither of which I'm worried about doing on my sample/test/cool looking lock. One, would be to have a stronger spring cap allowing me to use Schlage T drivers to help prevent any overlifting attacks (If you don't know how that would prevent overlifting attacks, you should check out some of my other mods ). Two, would be to use multiple pins/chambers set up like the 6th chamber is, but from multiple angles. Such as one at straight up, one 90 degrees to the right, and one 90 degrees to the left.