Western Electric 30C?

[fjardeson]

I wonder if the Western Electric 30C lock is public domain yet. Wow, that would make one heck of a safe lock (long key ala Rosengrens). Matt Blaze has a great write-up on these, it's one of my favorite designs (google C30 Matt Blaze).

It is a classic present-then-authenticate design.

[unlisted]

Link? Google is not playing nice.

[mh]

viewtopic.php?f=7&t=47274&p=357126&hilit=western+electric#p357126

[98AB49DC5A]

these locks only partially implement the present then authenticate concept. Ignoring for now the exposed lever sides the levers themselves are all one piece designs. the lever(s) that block bolt movement will bind and this should be detectable by just pressing upwards on them. I propose a decoder similar to the variable key shown here (http://www.postimage.org/image.php?v=aV1yHrA)(stolen from LSS, falle variable key system) with loose key sections and two arms under said sections capable of slightly lifting the sections. one section that is not binding can be lifted slightly to loosen the tumbler lock and they you use the other to slightly lift the levers looking for binding. this reveals wrong lever positions allowing you to eliminate possibilities. unless you can isolate the locking surface(lever side in this case) from the user/attacker while checking occurs the attacker can check for binding and eliminate possible locking element positions.

[Squelchtone]

In case anyone is looking for one... Here's one and Here's another.

I dont know the sellers, just passing this along.
Squelchtone

[Raymond]

I have an old lock like this but I do not find the 30C designation anywhere. The bottom of the keys also have three shallow cuts for what looks like three pin tumblers. The plug will not turn until these pins are picked and of course the bolt requires the correct lever combination to be drawn. Does anyone know what model this might be. The plates holding it together are relatively thick and the rivets just are not removeable without serious damage. It uses about the same style key but the head of the key is rounded.

[TOWCH]

these locks only partially implement the present then authenticate concept. Ignoring for now the exposed lever sides the levers themselves are all one piece designs. the lever(s) that block bolt movement will bind and this should be detectable by just pressing upwards on them. I propose a decoder similar to the variable key shown here (http://www.postimage.org/image.php?v=aV1yHrA)(stolen from LSS, falle variable key system) with loose key sections and two arms under said sections capable of slightly lifting the sections. one section that is not binding can be lifted slightly to loosen the tumbler lock and they you use the other to slightly lift the levers looking for binding. this reveals wrong lever positions allowing you to eliminate possibilities. unless you can isolate the locking surface(lever side in this case) from the user/attacker while checking occurs the attacker can check for binding and eliminate possible locking element positions.

Look again. There levers have teeth which lock in to a sawtooth spring loaded catch. Pin and cam won't work. I wonder how much brass oxides effect conductivity?

[98AB49DC5A]

I hold by my original statement, this lock only partially implements the present then authenticate concept. The lever lock that you mention can be loosened by pusing one lever up, this allows the other levers a little bit of movement. pin and cam would be a little bit more difficult to implement but it is still feasable.

I propose a (possibly) new way of lifting pins through the use of a planar cam, as opposed to using rotation, you use relative lateral movement
http://www.postimage.org/image.php?v=aVsAaI0
This mechanism can be made arbitrarily thin, thin enough that you can fit two of them side by side at the bottom of the 30c/29b keyway. instead of using pins, thin stamped key sections would be used instead. these could be stamped so as to move up and down in the curtain having two lifting cams allows you to lift one non blocking lever, to hold back the lever lock(serrated thing that interfaces w/ teeth on levers), while at the same time testing other levers for binding, this allows you to find incorrect lever positions, you get the idea all ready
here is a picture
http://www.postimage.org/image.php?v=gxgkNs9

in order to properly implement the commit then authenticate system, you have to:
accept the information - (levers lifted to proper height)
commit- lock them in place
authenticate - test them

full immobilization is impossible so information will be leaked in a mechanical lock if the detainers are directly accessible during testing. One way to prevent leakage is to produce them in two parts, one of which is immobilised partially and accesible to the key and the other being loosely coupled to the first. the second portion acts as a detainer and is not accesible during testing.

during testing the tester is being pressed up against the detainers. the detainers are not all exactly the same size moving the one blocking the tester to another position will change, minutely, the distance the tester can travel before being blocked. the tester is being driven by the key in most locks so if the attacker measure, directly or indirectly, the position of the tester he can determine the blocking lever. For this reason even if the locks in question isolated the detainers you could still open the lock faster than a brute force search of the keyspace would allow. Adding a mask to the data helps to prevent such attacks.

the 30c and 29b fail at implementing the latter two, they are not insecure but don't implement the commit then authenticate principle completely

[mh]

In case anyone is looking for one... Here's one and Here's another.

I dont know the sellers, just passing this along.
Squelchtone

I can highly recommend the seller ssyhre - when I asked him about 6 locks, he listed them specifically for me, and they arrived in excellent condition with no customs trouble.

Cheers
mh

[TOWCH]

I hold by my original statement, this lock only partially implements the present then authenticate concept. The lever lock that you mention can be loosened by pusing one lever up, this allows the other levers a little bit of movement. pin and cam would be a little bit more difficult to implement but it is still feasable.

I propose a (possibly) new way of lifting pins through the use of a planar cam, as opposed to using rotation, you use relative lateral movement
http://www.postimage.org/image.php?v=aVsAaI0
This mechanism can be made arbitrarily thin, thin enough that you can fit two of them side by side at the bottom of the 30c/29b keyway. instead of using pins, thin stamped key sections would be used instead. these could be stamped so as to move up and down in the curtain having two lifting cams allows you to lift one non blocking lever, to hold back the lever lock(serrated thing that interfaces w/ teeth on levers), while at the same time testing other levers for binding, this allows you to find incorrect lever positions, you get the idea all ready
here is a picture
http://www.postimage.org/image.php?v=gxgkNs9

in order to properly implement the commit then authenticate system, you have to:
accept the information - (levers lifted to proper height)
commit- lock them in place
authenticate - test them

full immobilization is impossible so information will be leaked in a mechanical lock if the detainers are directly accessible during testing. One way to prevent leakage is to produce them in two parts, one of which is immobilised partially and accesible to the key and the other being loosely coupled to the first. the second portion acts as a detainer and is not accesible during testing.

during testing the tester is being pressed up against the detainers. the detainers are not all exactly the same size moving the one blocking the tester to another position will change, minutely, the distance the tester can travel before being blocked. the tester is being driven by the key in most locks so if the attacker measure, directly or indirectly, the position of the tester he can determine the blocking lever. For this reason even if the locks in question isolated the detainers you could still open the lock faster than a brute force search of the keyspace would allow. Adding a mask to the data helps to prevent such attacks.

the 30c and 29b fail at implementing the latter two, they are not insecure but don't implement the commit then authenticate principle completely

I don't understand. The ratchet mechanism on mine is very positive. There is no play. Are you saying that there is sufficient play between the clutch and the levers to do a pin and cam attack?

Manipulating this lock like a direct drive combination lock was being worked on by Matt Blaze and company if I remember correctly, and judging from the lack of announcements to the contrary: I suspect were not successful.

Your post did raise an idea I had never considered before, which is generally what happens when I'm about to claim something is impossible. If the lever stack was pulled to the front/back of the lock using an L-shaped wire, it may be possible that a binding fence could be felt out by pushing the levers to the other side of the lock one by one like flipping through a pile of DVDs.

The clutch only locks the levers in one axis of movement.

In terms of patents: I'm sure they're expired, but you'd be hard pressed to make a lock of this quality for a lower price than their ebay value. Especially when they're being swapped out for Medeco in mass.

The main market may be in replacement levers, rivets, and keyblanks.

Cheers,
TOWCH

[98AB49DC5A]

Yes, I am proposing a pin and cam attack but no, there isn't enough play in the tumbler lock to do so. What I propose is to lift one of the levers to a half or quarter bitting position to hold the tumbler lock back allowing play in the other levers.

[TOWCH]

Yes, I am proposing a pin and cam attack but no, there isn't enough play in the tumbler lock to do so. What I propose is to lift one of the levers to a half or quarter bitting position to hold the tumbler lock back allowing play in the other levers.

I see. That's a good strategy. I've attempted it, but haven't had much luck. If you can wear the points down by beginning engagement and rubbing the levers back and forth across it: it may be easier to balance a dull knife on it's edge than a sharp one so to speak.

Another factor which may make this more possible is if a tool(pin and cam for instance) is holding the lever rigid in a position where the ramps try to move it against the tool rather than away from it. L shaped wires didn't do the trick for me, but a pin and cam may be able to.

Although I gave up on the idea: I can see it being possible. Would be cool to see this lock NDE-ed cold, because the best I've come up with were minimal destructive, cheating, or unrealistically time consuming make up key laser attacks.

Of the above: cheating seamed like the biggest threat vector, but that's a problem with all lever locks.

Cheers,
TOWCH

[98AB49DC5A]

Even if it is difficult to lift the lever after locking, what if you lift it before. there will still be downward pressure but you don't have to overcome friction, friction actually helps you. also, as far as having enough force to lift the levers, a planar lifting cam (a fancy way of saying a pin/cam type device that sits in a single 2d layer) Would do the trick. You could easily fit two of them at the bottom of the keyway.
http://www.postimage.org/image.php?v=aVsAaI0
They can also lock in place, holding a lever at a half or 1/4 bitting position. Two of them allows one for holding the tumbler lock back, and one for testing the individual levers.

one other option would be to have a half or quarter bitting segment for each depth and to use a wire to probe the other levers. though the 29b would prevent this because of the deep ward that passes through the curtain.

One last thing, if you are looking into using wires consider decoding. There's a clear path to the edges of the tumblers and a wire tool could go through the keyway to find the gates on the sides of the levers.This would require slight lifting of the levers but might work.

In any case good luck.