Locks That Resist Decoding

[m12]

Any opinions on brands of locks that cannot be or are most difficult to decode or read. Where a picker manipulating the lock couldn't determine the code or narrow it down and make a working key.

[GWiens2001]

Most electronic locks. Same with most magnetic locks.

As for mechanical locks, it depends on the skill and experience of the picker. Not being able to "narrow it down" is simply not going to happen with a mechanical lock, at least with a person who is skilled enough with locks.

Gordon

[m12]

I've actually been thinking about the potential of electronic locks to be impenetrable. It would have to have open source code that could be reviewed by anyone in the software programming community, just like an open source operating system (ex. Linux). This would be the best way to expose any vulnerabilities and fix them. A "key" containing the electronic code would physically interface with the lock, sending the unlock code, thus unlocking. No wireless communication. This would be a one-way communication only, so that no one could communicate with the circuitry within the door - there would be a 2-way communication interface inside the door where the code could be changed. This is my idea for a truly secure like. Matt

[GWiens2001]

Electronic locks are far from invulnerable. But they fit what you were requesting.

Gordon

[m12]

Wouldn't an "open source" code reduce vulnerabilities. If vulnerabilities were to exist, they would be in the software or hardware - you would have to address both to make the lock secure.

[Squelchtone]

Wouldn't an "open source" code reduce vulnerabilities. If vulnerabilities were to exist, they would be in the software or hardware - you would have to address both to make the lock secure.

Have you not found our Open source lock section? We have a whole section for such ideas.

Most locks out right now are made by companies who use proprietary hardware and software including homebrew crypto or badly implemented crypto or well know databases with hackable passwords (look at Legion303's work with Cyber Lock)

The open source idea is great but whos gonna manufacture it and make it viable? So for now were stuck with propristary and hackable.

Squelchtone

[m12]

I found the TOLS posts which address this. So, any mechanical lock may be decoded, but any opinions on which brands of locks make this most difficult, I think of Protec, maybe Mauer, Keso Omega.

[Squelchtone]

I found the TOLS posts which address this. So, any mechanical lock may be decoded, but any opinions on which brands of locks make this most difficult, I think of Protec, maybe Mauer, Keso Omega.

I have to ask, is this for fun/research or are you looking at upgrading your home locks and want something unpickable?

Anything mechanical is pickable.. eventually. Just in the last year 2 locks fell that none of us thought were pickable, the Abloy Classic and the Evva MCS.

Who knows which impossible to pick lock will fall next?

Also I noticed youre using the word decoded... decoding implies a special tool that can read the state of the lock and allows for giving you the bitting needed to then go make a key. Some decoders also allow the lock to be opened once decoded others only give you info to make a working key.

Most of us here pick locks, we dont decode them. The advantage is immediate results when the lock is picked and open, but additional work is then required to read pin heights in order to decode the lock..

Squelchtone

[m12]

You are right, it is for fun and research, a hobby; however, as a natural progression, I also want the best security for my home. And to me the best lock is one that is unpickable, or most difficult to pick and secondly is difficult to "decode" by ascertaining the code of the lock, observing the position and/or configuration of the locking elements (usually once picked) that would enable someone to make a working key.
If they couldn't make a working key, they would have to pick it every time.

[billdeserthills]

You are right, it is for fun and research, a hobby; however, as a natural progression, I also want the best security for my home. And to me the best lock is one that is unpickable, or most difficult to pick and secondly is difficult to "decode" by ascertaining the code of the lock, observing the position and/or configuration of the locking elements (usually once picked) that would enable someone to make a working key.
If they couldn't make a working key, they would have to pick it every time.

What's the difference, doesn't your home have windows?
Out my way every home has lots of windows and bunches of rocks laying on the ground outside them

[demux]

For my personal stuff, I generally apply the "Halfling-Dragon Principle":

If you find yourself in the company of a halfling and an ill-tempered dragon, remember that you do not have to outrun the dragon; you simply have to outrun the halfling.

In other words, if you want to keep people out of your stuff, your security doesn't need to be impregnable, it just has to be noticeably better than the security protecting similar stuff in the same vicinity.

As Squelchtone and Bill both alluded to, any sufficiently motivated adversary with sufficient skill, time, and resources, who wants to get into your stuff, is going to get into your stuff.

Of course, home/personal security is a lot more than just putting a good lock on your front door.

[dontlook]

I just want to put it out there that neither open source code nor closed source code has proven invulnerable. They both are a reflection of the care into coding, review, and fixing vulnerabilities. Time and time again the cliche of open source software being able to be reviewed by many has failed, due to really not many reviewing it. Also being open source, does not mean outsiders will have the ability to submit fixes that are accepted(or apply their own fixes).

It is also possible that closed source software gets the attention it needs and can end up better than some open source software.

having said that I do like Open Source Software.

[demux]

I just want to put it out there that neither open source code nor closed source code has proven invulnerable. They both are a reflection of the care into coding, review, and fixing vulnerabilities. Time and time again the cliche of open source software being able to be reviewed by many has failed, due to really not many reviewing it. Also being open source, does not mean outsiders will have the ability to submit fixes that are accepted(or apply their own fixes).

It is also possible that closed source software gets the attention it needs and can end up better than some open source software.

having said that I do like Open Source Software.

+1. Personally, I find the appeal to be that one can review it, not necessarily that one does. Sunshine, as they say, is the best disinfectant. Having everything out in the open and publicly reviewable should at least reduce the likelihood of someone trying to intentionally slip something malicious/insecure/dumb in. Again, as you say, not that it can't happen, it just raises the bar.