by ridinplugspinnaz » 19 May 2009 3:31
This is a question that's been burning in my mind for some time, and I can't work out a logical reason as to why this seems to be the case, so hopefully one of the IC experts or institutional locksmiths here can shed some light on the subject... here goes.
Since I first became interested in locks and physical security (and began noticing the nuts and bolts of these systems), I've had the privilege of examining keys and locks from two different master-keyed BEST IC installations at large businesses. What struck me about both installations was that all of their cores were combinated in a pretty particular way.
-
ridinplugspinnaz
-
- Posts: 279
- Joined: 4 Aug 2008 2:43
by ridinplugspinnaz » 19 May 2009 3:55
Ugh, looks like my computer decided to submit the post prematurely... anyway, I'll continue the thread in this post. If a mod wants to clean this up and combine both posts later on, go right ahead.
Anyway, continuing on. What I noticed about both these installations that seems really strange to me is that the "distance" between a change key bitting and its associated master bitting (or other change key bittings if several keys are intended to open the same lock) — this distance is always an integer multiple of 2.
That is to say, if the master cut on a given pin stack is a 0, then the change key will always be either a 2, 4, 6, or 8 — never a 1, 3, 5 or 9. Similarly, the control key cut for that pin stack will also always be an even-numbered cut. Likewise for so-called "odd-numbered" pin stacks. Across both installations, I never, not once, saw an odd-numbered change cut paired with an even-numbered master cut or control cut.
Now, given that these were large installations with institutional locksmiths, I can only assume that they aren't manually creating these mastered systems, there has to be software managing it, presumably a BEST software package. But what sticks out in my mind is that this method by which the software seems to be master-keying these locks appears to be effectively reducing the keyspace of the lock drastically. If the distance rule that I've observed is always followed, then it is an effective keyspace reduction from 10^7 unique keys to 5^7 unique keys (assuming a 7-pin core): (5^7) / (10^7) = 0.0078125, or just 0.78% — less than one percent — of the ideal keyspace.
Effectively, a lock that is supposed to offer one million candidate keys instead has a practical keyspace of just 78,125 keys. This boggles my mind, and I cannot for the life of me figure out why a master or submaster pin stack cut would ever need to be an even-numbered wafer away from the change key cut. Yet this seems to be standard procedure for at least the two BEST-equipped institutions that I've been privy to. Why on earth is that? I'm dying to hear a qualified answer from someone that knows better than I why such a drastic reduction in the keyspace is occurring in institutional master-keyed installations.
-
ridinplugspinnaz
-
- Posts: 279
- Joined: 4 Aug 2008 2:43
by FarmerFreak » 19 May 2009 7:38
Actually most masterkey systems are this way, not just Best. The main reason for having 2 depths in between each key is to help prevent an incorrect key from working another lock. If for example you have two keys on the chart that are only one cut and one depth off from each other. There is a very good chance that you can get at least one of those keys to work both locks. Even though they are technically different keys.
And just so you know. Sometimes the system won't always follow the strict odd/even sequence. For example if the master key has a 0 cut, the other keys could still follow the odd cuts for that space. 3,5,7,9, They couldn't use a 1 though. They can never use a 1 depth next to a 0 because there aren't any #1 master pins. If they did use a #1 master pin the lock would likely jam up and fail.
-
FarmerFreak
-
- Posts: 737
- Joined: 21 Apr 2009 11:58
- Location: SLC, Utah
by ridinplugspinnaz » 19 May 2009 16:09
FarmerFreak wrote:Actually most masterkey systems are this way, not just Best. The main reason for having 2 depths in between each key is to help prevent an incorrect key from working another lock. If for example you have two keys on the chart that are only one cut and one depth off from each other. There is a very good chance that you can get at least one of those keys to work both locks. Even though they are technically different keys. They can never use a 1 depth next to a 0 because there aren't any #1 master pins. If they did use a #1 master pin the lock would likely jam up and fail.
Well technically speaking, there exist (or used to exist) #1 master wafers for SFICs (a few people on this board have seen them), but I know that for the reasons you mentioned (unintentional cross-keying, jamming locks) they don't use them anymore. So it makes sense that there needs to be at least a difference of 2 between the master and change pin stack cuts.
FarmerFreak wrote:And just so you know. Sometimes the system won't always follow the strict odd/even sequence. For example if the master key has a 0 cut, the other keys could still follow the odd cuts for that space. 3,5,7,9, They couldn't use a 1 though.
See, that makes sense to me, and I've seen manually master-keyed installations do just what you've described. What I don't understand is why the software-combinated systems I've looked at always — I have never seen an exception to this — use only odd or only even cuts in a given pin position. I have yet to see a single lock whose master cut was an odd number if the change cut was even (or vice versa). There seems to be no technical reason for it, so why is the software instructing the locksmith to combinate cores in a way that drastically reduces the keyspace of the lock? This is what I don't understand. Is it a deficiency in the software? Is there a convenience factor here that I'm unaware of?
-
ridinplugspinnaz
-
- Posts: 279
- Joined: 4 Aug 2008 2:43
by FarmerFreak » 19 May 2009 19:02
I'm sure it is just convenience. I myself haven't actually worked with the software to be able to tell you if their software can or can't do it. But I would guess that even if the software can do it. The user probably has to know how to make the software do it, as opposed to the software making the decision for them. And since it makes little difference, why bother?
-
FarmerFreak
-
- Posts: 737
- Joined: 21 Apr 2009 11:58
- Location: SLC, Utah
by Raymond » 21 May 2009 23:30
Just to add to your confusion: Most masterkey programs I have seen offer the user the choice of what size increment to use. 2-step is the default by design as it offers the most combinations without sacrificing the risk of two different change keys being wiggled to open one lock. You can designate a 2-step system, a 1-step system or even a 3-step system. On very small masterkey systems I have used 3-step systems just to keep the change keys more different.
The Best A4 system was deliberately designed to use a 1-step system. Kwikset was also designed to use the 1-step as the .023" thick wafer is usually adequate to prevent accidental interchanges between similar change keys. However, most locksmiths still lean toward the 2-step systems.
In Best style locks, the control key does not necessarily have to follow the even/odd design. Since it is using a different shear line you do not have to worry about too thin wafers. Corbin-Russwin's master ring cylinder also has no need for thin wafers as the master key uses one shear line and all the change keys use the other shear line.
Nothing is foolproof to a talented fool. Wisdom is not just in determining how to do something, but also includes determining whether it should be done at all.
-
Raymond
-
- Posts: 1357
- Joined: 18 Jan 2004 23:34
- Location: Far West Texas
by mcm757207 » 22 May 2009 9:09
Best, and similar companies such as Falcon, use several formats; namely A2, A3, and A4. A2 is by far the most common, and consists of a max depth of 9 with no MACS. The main reason a number two master pin is the smallest that is used is because it was found that any pin smaller than about .019" had the capability of tipping in the chamber, obviously causing all sorts of problems. If I remember correctly that's the primary reason why the A3 format is not used any more, as it used master pins which were too small.
There are a couple of reasons why it's good to alternate even/odd. I guess the primary reason is to encourage greater variation between cuts. When picking a bitting for a master key, there are a number of things that are taken into account:
- You don't want a particularly deep cut near the head of the key, as it is more likely to break
- You don't want a particularly high cut near the tip of the key, because that creates more wear in the lock
- You want at least one position to be higher than any CK (change key) bitting in that position so that no single CK can be filed down to a TMK (top master key).
- And you also want at least one position to be lower than most CK bittings, to make it more difficult to reverse engineer the system.
Finally, you want your master key to have adequate high/low variation for a couple of reasons. First, for added pick resistance. Second, to keep worn out master keys from being pulled out of the cylinder. If a TMK was cut to any of the following, it would be easy to pull out once the key got worn:
1111111
9999999
1357799
Forcing even/odd in the first two of the above examples would help that problem, 1212121 is less likely to be pulled out than 1111111. I do believe there are also issues with even/odd that have to do with different kinds of progressions or ways to increase key bittings... but I can't really think of what those are at the moment.
Now the only disadvantage, as you stated, to using an increment of 2 and odd/even variation (although more the former), is the decrease in your KBA (key bitting array), or total number of change keys you get to pick from.
But how often do you think people have to design systems that need more than 78,000 different change keys? Not to mention you can use sectional, or multiplex, keyways to exponentially increase that if you really needed to.
There's a lot I need to learn about interchangeable cores, but I do have faith in the fact that advanced masterkeying and IC systems have been designed and practiced by many very very smart people over the years, and I'm sure everything is done for a very good reason.
-
mcm757207
-
- Posts: 1468
- Joined: 12 Jan 2004 22:02
by ridinplugspinnaz » 23 May 2009 6:15
Wow guys, those were some extremely informative replies, I really appreciate you taking the time to put all that down. mcm, I wanted to address one part of your post in particular:
mcm757207 wrote:Now the only disadvantage, as you stated, to using an increment of 2 and odd/even variation (although more the former), is the decrease in your KBA (key bitting array), or total number of change keys you get to pick from.
My point here is not necessarily that this type of bitting progression decreases the KBA (though it surely does, as you eloquently pointed out). Rather, when the software decides that, for a given pin stack, the cuts will only be even, or only be odd, then from the vantage point of an attacker (referencing the Blaze rights-amplification method, in this case), the work he/she has to do to extrapolate the TMK bitting for that pin stack is significantly reduced, as the attacker now only has to test 4 positions out of 10 on this pin stack.
A quick example: say a change key's bitting in a TPP mastered system is 0123456. An attacker attempts a rights-amplification attack on the system by querying each pin stack individually, and starts with the pin stack where his change key has a 6-cut as noted above. If, in fact, the lock was combinated to only put even-numbered cuts on that pin stack, then the attacker can omit testing the 1,3,5,6,7 and 9 depths for that pin stack, which is practically a reduction of 50% of the number of trials that would otherwise be necessary, if one could not infer the bitting progression for the pin stack. For a 7-pin MKed lock, this reduces the total number of queries required to reveal the TMK to 4x7 = 28 in the best case. If the attacker pre-cuts all 7 test keys beforehand and tests all 7 keys each time he/she engages the lock, that's only 4 required appearances at the door to successfully surmise the TMK from a single change key. By comparison, if the attacker could not infer whether or not an odd-numbered cut would show up in that pin stack, then he/she would be required to query each pin stack 9 times, requiring 9x7 = 72 appearances at the door, or 9 appearances, trying 7 keys each time, for a pre-cut array of test keys.
I guess my overarching point is that when I look at the system from an attacker's vantage point, I see this type of master-keying method as weaker than it could be.
If masterkey-combinating software would throw in even one occasional odd cut in an "even-numbered" pin stack, it forces an attacker trying to rights-amplify a change key to do a lot more work to get there. If the attacker is querying a lock that might arouse suspicion if it's being opened or tested frequently, this could dissuade a would-be attacker from trying the attack altogether. At a best-case figure of just 4 "appearances at the door" for a lock where the attacker can reduce the queryspace purely by inference, that is a pretty devastatingly short amount of time required to uncover the whole system's TMK. Realistically though, the limitations of this type of MK system seem to mean that you're if you do, if you don't, so perhaps it would just be all for naught anyway. What they really need is a bitting progression where a #1 wafer can be reliably used, so these sorts of compromises in the KBA don't have to be made.
-
ridinplugspinnaz
-
- Posts: 279
- Joined: 4 Aug 2008 2:43
by ridinplugspinnaz » 23 May 2009 6:32
ridinplugspinnaz wrote:Realistically though, the limitations of this type of MK system seem to mean that you're <censored> if you do, <censored> if you don't
That should say "d*mned if you do, d*mned you don't". Frickin word filter...
-
ridinplugspinnaz
-
- Posts: 279
- Joined: 4 Aug 2008 2:43
by mcm757207 » 23 May 2009 9:52
It doesn't take a heck of a lot longer to try eight keys instead of four or five. That attack assumes also that the attacker has access to a bitting that operates that lock, and also that he has access to blanks.
If the attacker has the technical ability to reverse the masterkey system, has access to a CK, and has access to blanks, I don't think trying a few extra keys (5 seconds per pin stack?) is going to deter him all that much.
Not to mention, a skilled attacker could very well probe each depth despite the likelihood of it only being odd/even - if the system was set up by hand, for example, the TMK might not be on that pattern (although not likely).
-
mcm757207
-
- Posts: 1468
- Joined: 12 Jan 2004 22:02
by straightpick » 28 May 2009 23:02
A quick example: say a change key's bitting in a TPP mastered system is 0123456. An attacker attempts a rights-amplification attack on the system by querying each pin stack individually, and starts with the pin stack where his change key has a 6-cut as noted above. If, in fact, the lock was combinated to only put even-numbered cuts on that pin stack, then the attacker can omit testing the 1,3,5,6,7 and 9 depths for that pin stack, which is practically a reduction of 50% of the number of trials that would otherwise be necessary, if one could not infer the bitting progression for the pin stack.
Ahh, if it were only that simple. The master key is 2961830. Your change key is 0123456. All you know is that it is a two cut increment system. So you proceed to guess the master key. Your change key's first cut is 6. So the master key has to have a cut of 0,2,4,or 8. That's 4 cuts. Your change key's second cut is 5. The master key's cut is a 1,3,7 or 9, also 4 cuts and so on. That is 4x4x4x4x4x4x4= 16,384 combinations, one of which is the master key. 16,384 is also the maximum usable key bittings in a 7 pin system, not 78,125. Reason being is that any cut on a change key does not appear in the same position as the master key, so it is not 5x5x5 etc.
Why don't you use an odd cut in an even number progression? The answer is parity. Parity is the pattern of the master key cuts, even or odd. A master key of 237854 is EOOEOE, E being even and O being odd. In a six pin lock there are 26 different parity patterns. Maintaining parity eliminates the possibility of key interchange. That is also why you never mix the A2 and A4 systems together. A2 has parity; A4 does not. Mix them together and you guarantee key interchange.
It also determines the maximum number of change keys possible. In a Best system or any other one that has a MAC of 9 it doesn't matter but the choice of parity in, say a Schlage system, which has a MAC of 7 it does. Say you have a OEOEO parity in Schlage and your master is 92103. You can't use a 1 cut in the first position or a 9 cut in the third position, they violate the MAC. So you have 3x4x3x4x4 = 576 possible change keys. If your master was 06842 or EEEEE, you would have 4x4x4x4x4 = 1024 possible change keys.
-
straightpick
-
- Posts: 221
- Joined: 14 Aug 2008 22:41
- Location: Pennsylvania, USA
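The parity and counting rules from the replies above, as an added example that is not part of any post in the thread: it lists the cuts a two-step progression leaves in each chamber, counts the resulting change keys, and audits bittings for the #1-wafer and one-depth-apart cases. Function names are hypothetical; it assumes depths 0-9 and ignores MACS.

```python
# Added illustration; function names are hypothetical, not from keying software.
from itertools import combinations
from math import prod

DEPTHS = range(10)  # assumption: depths 0-9, as in the thread's examples


def parity_pattern(master):
    """E/O pattern of the master cuts, e.g. '237854' -> 'EOOEOE'."""
    return "".join("E" if int(c) % 2 == 0 else "O" for c in master)


def change_cuts(master_cut, step=2):
    """Depths a change key may use in one chamber: a whole number of
    steps from the master cut, never the master cut itself."""
    return [d for d in DEPTHS
            if d != master_cut and (d - master_cut) % step == 0]


def change_key_count(master, step=2):
    """Change keys available when every chamber is progressed (MACS ignored)."""
    return prod(len(change_cuts(int(c), step)) for c in master)


def audit_two_step(master, change):
    """Problems found when one core is pinned for master + change."""
    if len(master) != len(change):
        return ["bitting lengths differ"]
    problems = []
    for pos, (m, c) in enumerate(zip(master, change), start=1):
        wafer = abs(int(m) - int(c))  # master wafer this chamber needs
        if wafer == 1:
            problems.append(f"chamber {pos}: needs a #1 master wafer")
        elif wafer % 2:
            problems.append(
                f"chamber {pos}: cut {c} breaks parity with master cut {m}")
    return problems


def one_depth_neighbours(keys):
    """Pairs of bittings that differ in exactly one chamber, by one depth:
    the pairs FarmerFreak describes as likely to work each other's lock."""
    pairs = []
    for a, b in combinations(keys, 2):
        diffs = [abs(int(x) - int(y)) for x, y in zip(a, b) if x != y]
        if diffs == [1]:
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    master = "2961830"  # master bitting used in straightpick's post
    print(parity_pattern(master), change_key_count(master))
    # Constructed bitting list: the second key sits one depth from the first.
    chart = ["0123456", "0123457", "0123476"]
    for key in chart:
        print(key, audit_two_step(master, key))
    print(one_depth_neighbours(chart))
```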
by lorenzolrom » 7 Mar 2021 16:15
ridinplugspinnaz wrote:Effectively, a lock that is supposed to offer one million candidate keys instead has a practical keyspace of just 78,125 keys. This boggles my mind, and I cannot for the life of me figure out why a master or submaster pin stack cut would ever need to be an even-numbered wafer away from the change key cut. Yet this seems to be standard procedure for at least the two BEST-equipped institutions that I've been privy to. Why on earth is that? I'm dying to hear a qualified answer from someone that knows better than I why such a drastic reduction in the keyspace is occurring in institutional master-keyed installations.
Something nobody touched on here is that not maintaining parity, especially early on before the system is close to exhausted, will destroy the possibility of doing cross-keying, which someone may ask for down the line. If there is no parity in a chamber and you decide to cross-key two keys that are only one step apart, you'll have to use the non-spec #1 wafer, which could jam.
-
lorenzolrom
-
- Posts: 3
- Joined: 10 Sep 2020 9:44
by Squelchtone » 7 Mar 2021 16:26
lorenzolrom wrote:
ridinplugspinnaz wrote:Effectively, a lock that is supposed to offer one million candidate keys instead has a practical keyspace of just 78,125 keys. This boggles my mind, and I cannot for the life of me figure out why a master or submaster pin stack cut would ever need to be an even-numbered wafer away from the change key cut. Yet this seems to be standard procedure for at least the two BEST-equipped institutions that I've been privy to. Why on earth is that? I'm dying to hear a qualified answer from someone that knows better than I why such a drastic reduction in the keyspace is occurring in institutional master-keyed installations.
Something nobody touched on here is that not maintaining parity, especially early on before the system is close to exhausted, will destroy the possibility of doing cross-keying, which someone may ask for down the line. If there is no parity in a chamber and you decide to cross-key two keys that are only one step apart, you'll have to use the non-spec #1 wafer, which could jam.
Hello and welcome to the forum.
Just in case you didn't notice, you replied to a post from 12 years ago. Most of the people in the thread have long come and gone, so unless an old question is finally being answered, or something really important is being added to the thread, we try to not wake up old threads from that long ago. Anything a year or two old is ok, but 5, 10, 15 year old threads, usually not ok.
Regarding what you wrote, I could see it adding to the existing conversation, so I'm ok with it in this case, but try to not make that a regular habit in other replies.
I thought the idea of cross keying was considered a bad practice. Why would anyone actually want to introduce that sort of thing into a system?
Thank you for your understanding,
Squelchtone

-

Squelchtone
- Site Admin
-
- Posts: 11307
- Joined: 11 May 2006 0:41
- Location: right behind you.
by GWiens2001 » 7 Mar 2021 18:14
The reason cross keying may be necessary is so change keys or master keys may need to be able to open locks in common. You may need to have keys from separate areas of master keyed areas to have access to the same rooms.
There is even standard notation in a key space chart specifically to identify a core as requiring it to be cross-keyed. Usually the code starts with an X.
Gordon
Just when you finally think you have learned it all, that is when you learn that you don't know anything yet.
-

GWiens2001
- Site Admin
-
- Posts: 7550
- Joined: 3 Sep 2012 16:24
- Location: Arizona, United States
by demux » 8 Mar 2021 9:30
Squelchtone wrote:I thought the idea of cross keying was considered a bad practice. Why would anyone actually want to introduce that sort of thing into a system?
Overly exuberant cross keying without thinking is bad. If done properly with a bit of planning and forethought, it's a useful tool in the master key system designer's bag. I've designed master key systems with cross keying, but it was part of the system specs from the beginning and thus planned for. I usually try to put the areas that need it just one or two differs apart in the bitting list, thus requiring only a single extra master wafer. The main problem is that if you do a lot of it without thinking, you can quickly introduce a ton of ghost keys.
-
demux
-
- Posts: 510
- Joined: 27 Apr 2017 11:14
- Location: Indiana, USA