TOSL Project. A community project to "build a better mousetrap".
by supercat101 » 17 Jan 2016 17:36
Most mechanical locks, including nearly all key-operated locks, are susceptible to what Schuyler Towne calls the "tentative method", which makes it possible to open a lock without having to independently try all possible combinations of tumbler positions. Security pins make it difficult to physically manipulate pins to find the shear line, but don't solve the problem that it's possible to manipulate tumblers while the lock is under tension, which means that at any given time when the lock is under tension but won't turn it will be possible to identify a pin which is at the wrong position. While manipulating such a pin may free it up even when it's in the wrong position (causing some other pin to bind), and while false sets may make it necessary to let all the tumblers reset, someone with a picking tool that could measure setting height could by the process of elimination identify all the wrong positions for each pin and consequently find the right position.
I would suggest as a solution a lock where most of the pin stacks would contain minimum-length driver pins and a generous number of short master wafers (e.g. four) chosen independent of bitting, and a fixed-length slotted or grooved driver pin on top; inserting and turning a key would cause some combination of master wafers to be captured above the shear line, but the lock could only be rotated fully if the slots on the driver pins were lined up with a slide-bar in the bible, which would only happen if the proper combination of wafers was captured. There would be zero tension on the slide-bar until the lock was rotated enough to separate the pin stacks in the bible from those in the plug. Turning the lock a few degrees would first separate the pin stacks in the plug from those in the bible and then tension the slide-bar. Picking the lock so as to allow the first few degrees of rotation would be trivial, but also useless, since there would (depending upon the number of pins and wafers) be hundreds or thousands of possible combinations of captured wafers that wouldn't open the lock, and only one that would. While trying every combination of false sets might be possible in a lock with few enough pins, a decent-sized lock could make such an attack impracticable.
A suitable mechanism could probably fit more easily into a U.S. form factor (which has more space around the bible) than a Euro-cylinder, but if one was willing to reduce the key length by a pin, the bible space that would have been occupied by the last pin could be used for a mechanism that interfaces the slide bar to the cylinder. With a little work, the mechanism could also accommodate two entirely-independent bittings (unlike master-keyed locks where the master and non-master bittings have to be very similar) by using two slide-bars and opening for any combination of wafers that will open either one. For that to be secure, the lock should be constructed so that only one of the bittings would enable gutting, and only people who are fully trusted should be given keys with that bitting, but the ability to use two independent bittings should be useful anyway.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
by Jacob Morgan » 17 Jan 2016 20:28
Can you go into how the sidebar, whether in the correct position relative to the wafers or not, would prevent the plug from rotating if the sidebar is up in the Bible? Interesting design, but having a hard time picturing that part of the design.
-
Jacob Morgan
- Supporter

-
- Posts: 571
- Joined: 30 Dec 2015 21:31
- Location: KY (north west)
by kwoswalt99- » 17 Jan 2016 20:39
Hello and welcome to the forum! The idea of a driver pin sidebar has been discussed here before, but the original poster did not have a working idea for the lock, or a reason why this lock would have an advantage over any other. I understand your idea, but how exactly do you plan to couple the sidebar with the driver pins? I know how I'd do it, but I'd like to hear what you think. Also, your idea is somewhat similar to inverse entropy's idea from a while back http://www.lockpicking101.com/viewtopic.php?f=25&t=47065&p=354832&hilit=, although his was not a practical one. It's not easy to come up with an original idea, that's for sure. 
-
kwoswalt99-
-
- Posts: 1218
- Joined: 17 Mar 2015 15:35
- Location: Somewhere.
by Squelchtone » 17 Jan 2016 20:48
Jacob Morgan wrote: Can you go into how the sidebar, whether in the correct position relative to the wafers or not, would prevent the plug from rotating if the sidebar is up in the Bible? Interesting design, but having a hard time picturing that part of the design.
That's what I was thinking, if the shear line is created, no matter how many master wafers have been lifted into the bible area, there now exists a shearline and the plug is free to turn assuming all pin stacks have been picked and there is a shearline all the way from front to back.
I thought about something like this in the past that would stop the lock from turning if you didn't pick it in the correct order, had a drawing with a tunnel in the plug which would link back up to some mechanism in the bible area and that tunnel would contain a locking mechanism of some kind, be it a spring loaded pin or a series of stacked ball bearings.
In OP's idea, I can see the sidebar falling into the driver pin grooves, which would suddenly open up some space for a ball bearing below it to be pushed into that empty area by the rotation of the plug. If the sidebar wasn't set, and rotation was applied to the plug, it would push against this ball bearing/pin but it couldn't go up because it would hit the sidebar which was in the way. (god I wish I could draw this stuff out, I'm sure it's hard to imagine, and you know what they say about a picture being better than a thousand words.)
OP, could you give us some background or introduction as to how you came to be interested in locks and lock picking? And no offense, but have you picked a lock before or taken one apart, or is this purely academic writing based on thoughts and observations from watching Schuyler Towne videos? Just curious where you are coming from with this work. (student, hacker, academic, professional engineer, retired tinkerer, etc)
Thanks
Squelchtone

-

Squelchtone
- Site Admin
-
- Posts: 11307
- Joined: 11 May 2006 0:41
- Location: right behind you.
by supercat101 » 17 Jan 2016 22:05
Squelchtone wrote: Jacob Morgan wrote: Can you go into how the sidebar, whether in the correct position relative to the wafers or not, would prevent the plug from rotating if the sidebar is up in the Bible? Interesting design, but having a hard time picturing that part of the design.
That's what I was thinking, if the shear line is created, no matter how many master wafers have been lifted into the bible area, there now exists a shearline and the plug is free to turn assuming all pin stacks have been picked and there is a shearline all the way from front to back.
The plug would be free to turn in the absence of any other mechanism blocking it; there are many ways the linkage could be constructed, but I'm not sufficiently knowledgeable about different materials' strength to know what arrangements would be susceptible or immune to over-torquing. The aspect of the design I find most intriguing is the idea of making the components used for validation inaccessible while under tension. One approach which would be fairly simple but would "waste" two pin slots would be to have a slide-bar with holes that are regularly spaced except for the rearmost pin, for which the gap would be a little larger or smaller; the hole for the front stack should be a tiny bit smaller than the holes for the rest. The front-most pin stack would include in the plug a pin stack which lined up with the shear line while resting on the ward, and included in the bible a pin which was tapered at both ends and was slightly longer than the space between the shear line and the slide-bar. The bible pin would be able to fit in a groove which went most of the way around the plug except in the immediate vicinity of the pin hole. The pin would thus hold the slide-bar so its holes lined up with the key-pin any time the lock was near the 12:00 position [that may be necessary in the 6:00 position as well]. At the back of the plug there would be a groove whose length would control the distance the lock could turn without a correct key. The pin sitting in that groove would be likewise tapered at the top but not the bottom, such that the lock would only be able to rotate fully if it could push up on the pin, which would in turn require that the side-bar be able to move. I'm not sure how well that mechanism would work without binding, or how difficult it would be to add springs to move the slide-bar into the appropriate position. I am sure there are probably better ways to construct such a mechanism, however.
If Euro-cylinder compatibility weren't required, things could probably be done much more easily by adding a cam-operated mechanism beside the bible to insert a slide-bar sideways. Such a mechanism wouldn't use up any pin slots, and could also be constructed so the slide bar would "snap" in and out (thus avoiding micrometer-based attacks) but I'm not sure how that would fit into a Euro-cylinder.
Squelchtone wrote: OP, could you give us some background or introduction as to how you came to be interested in locks and lock picking? And no offense, but have you picked a lock before or taken one apart, or is this purely academic writing based on thoughts and observations from watching Schuyler Towne videos? Just curious where you are coming from with this work. (student, hacker, academic, professional engineer, retired tinkerer, etc)
I've not really dabbled much physically with mechanical locks, but am involved in the design and programming of electronic ones and understand the principles of mechanical ones. I've seen quite a few videos from Schuyler Towne, bosnianbill, and others, and have noticed that lock makers seem focused on the idea of making it harder to physically manipulate tumblers, but for the most part fail to detach the tumblers from anything that can be manipulated prior to checking their positions. I've been pondering a number of ways of improving lever locks to separate out key sampling from key verification, but fitting such a thing into a normal mortise cylinder would seem difficult. A tubular-lock design might be easier than a straight-key design if tube depth weren't a problem; the plug would be split into two pieces which would rotate a few degrees relative to each other, and the rear part would only be able to act as a key in the bible portion of the lock when the pins in the front part were disconnected from those in the rear. My main interest in posting was to see if anyone had ever done anything similar. Many locks seem excessively susceptible to decoding through the process of eliminating individual pin positions. Sampling the pin state and then verifying the copy of that state would seem to avoid that problem.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
by supercat101 » 17 Jan 2016 22:14
Thanks for the drawing. I'm not an artist, but that's pretty close to what I had in mind. Fitting something in a Euro-cylinder would likely require a somewhat different approach, but the picture nicely shows the concept. I'm not sure how thin the wafers could be while still being reliable, or whether using an alternating sequence of wide and narrow wafers could allow a tighter average spacing than would be possible with uniform widths [I would think a sequence of consecutive minimum-width wafers may be prone to jamming, but alternate widths would make that less likely]. In any case, thanks again for the picture.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
by Jacob Morgan » 17 Jan 2016 23:07
Kwoswalt99, thank you for the sketch, it was very well done and it helps a lot. Should the spring on the lever be at the top end?
Maybe a person could over lift with no tension to capture the lever, then pick as any other lock?
-
Jacob Morgan
- Supporter

-
- Posts: 571
- Joined: 30 Dec 2015 21:31
- Location: KY (north west)
by supercat101 » 17 Jan 2016 23:34
Jacob Morgan wrote: Kwoswalt99, thank you for the sketch, it was very well done and it helps a lot. Should the spring on the lever be at the top end?
Maybe a person could over lift with no tension to capture the lever, then pick as any other lock?
It is necessary that the lever be fully withdrawn when the plug is near the 12:00 position. The purpose of the spring on the lever is to assure that. If the lever weren't withdrawn, it may be possible to feel which pins it was riding on when the plug is returned to the 12:00 position. As for over-lifting, it would be necessary to ensure that when fully compressed the spring would limit upward travel of the driver pin to prevent that. Since all pin stacks are the same height, all would have the same range of upward travel regardless of bitting.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
by kwoswalt99- » 17 Jan 2016 23:48
supercat101 wrote: I've not really dabbled much physically with mechanical locks, but am involved in the design and programming of electronic ones and understand the principles of mechanical ones. I've seen quite a few videos from Schuyler Towne, bosnianbill, and others, and have noticed that lock makers seem focused on the idea of making it harder to physically manipulate tumblers, but for the most part fail to detach the tumblers from anything that can be manipulated prior to checking their positions.
I've been pondering a number of ways of improving lever locks to separate out key sampling from key verification, but fitting such a thing into a normal mortise cylinder would seem difficult. A tubular-lock design might be easier than a straight-key design if tube depth weren't a problem; the plug would be split into two pieces which would rotate a few degrees relative to each other, and the rear part would only be able to act as a key in the bible portion of the lock when the pins in the front part were disconnected from those in the rear.
My main interest in posting was to see if anyone had ever done anything similar. Many locks seem excessively susceptible to decoding through the process of eliminating individual pin positions. Sampling the pin state and then verifying the copy of that state would seem to avoid that problem.
That's really cool that you come from the lock industry. You have some good ideas. There have been quite a few locks through the ages that have exhibited some of the features you are talking about. Most weren't commercially successful, and some never left the blueprints. There don't seem to be many around today. I still think one could catch on though, if given the right circumstances.
-
kwoswalt99-
-
- Posts: 1218
- Joined: 17 Mar 2015 15:35
- Location: Somewhere.
by Joshua904 » 18 Jan 2016 4:59
I'm new to all this stuff, so maybe I just don't understand. With a pin stack like that, picking to turn the plug would be very simple - if it wasn't for the side bar - right? Wouldn't smacking the sides of the lock with a hammer be enough to overcome the side bar?
-

Joshua904
-
- Posts: 134
- Joined: 5 Jan 2016 6:57
- Location: Jacksonville, FL
by supercat101 » 18 Jan 2016 11:36
kwoswalt99- wrote: supercat101 wrote: I've not really dabbled much physically with mechanical locks, but am involved in the
That's really cool that you come from the lock industry. You have some good ideas. There have been quite a few locks through the ages that have exhibited some of the features you are talking about. Most weren't commercially successful, and some never left the blueprints. There don't seem to be many around today. I still think one could catch on though, if given the right circumstances.
Most of the locks I know of that try to prevent tumbler manipulation while under tension (e.g. the Forever Lock) require complicated opening protocols. Given that even some high-security locks allow one to simply insert a key and turn it, I would expect marketplace resistance to locks which require a long drawn out process to open. A key feature of the wafer-capture concept is that operation simply requires inserting a key and turning it--just like other common locks. The only noticeable behavioral change compared with a normal pin-tumbler lock would be that an incorrect key will allow the cylinder to turn a few degrees (some people may figure that if the lock turns a little bit but is then blocked, that means that the key was correct but something is jammed, rather than simply indicating an incorrect key). That change, however, would be relatively minor compared with what's required for the Forever Lock or even the Bowley Lock.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
by supercat101 » 18 Jan 2016 11:55
Joshua904 wrote: I'm new to all this stuff, so maybe I just don't understand. With a pin stack like that, picking to turn the plug would be very simple - if it wasn't for the side bar - right? Wouldn't smacking the sides of the lock with a hammer be enough to overcome the side bar?
Picking the lock would be trivial but for the mechanism that checks the notches in the driver pins. The shear line here, however, isn't designed to provide security directly, but merely to detach the keyway from the driver pins before checking their positions. To use a crude analogy, imagine a password dialog box which disables the "Submit" button except when the right password is entered, versus one which enables the submit button as soon as six characters are entered, whether they're correct or not. Which is more secure? The latter would provide zero security if the system didn't check whether the entered password was in fact correct, but if the system won't grant access unless the password is correct, it's better to allow attackers to waste time submitting incorrect passwords than help them save time by telling them not to bother.
-
supercat101
-
- Posts: 26
- Joined: 17 Jan 2016 14:02
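An added illustration of the password-dialog analogy and the sample-then-verify argument in the post above (not code from any poster in this thread): a toy model comparing how many attempts are needed when a lock leaks which stack is wrong against one that only reports open or blocked. The stack count of five, the function names, and modelling the binding pin as the first mismatch are assumptions; four wafers per stack is the figure from the opening post.

```python
import itertools

WAFERS_PER_STACK = 4            # "e.g. four" in the opening post
STACKS = 5                      # assumed stack count, not from the thread
STATES = WAFERS_PER_STACK + 1   # 0..4 wafers captured above the shear line


def binding_feedback(secret, guess):
    """Lock checked under tension: leaks the index of one wrong stack
    (modelled here as the first mismatch), or None when it opens."""
    for i, (s, g) in enumerate(zip(secret, guess)):
        if s != g:
            return i
    return None


def verify_only(secret, guess):
    """Sample-then-verify lock: the captured state is checked as a whole,
    so the only observable result is open / blocked."""
    return tuple(guess) == tuple(secret)


def tries_with_binding_feedback(secret):
    """Process of elimination: each failure rules out one state of one stack."""
    guess = [0] * len(secret)
    tries = 0
    while True:
        tries += 1
        wrong = binding_feedback(secret, guess)
        if wrong is None:
            return tries
        guess[wrong] += 1


def tries_with_verify_only(secret, states=STATES):
    """No per-stack feedback: whole combinations must be tried in turn."""
    candidates = itertools.product(range(states), repeat=len(secret))
    for tries, guess in enumerate(candidates, start=1):
        if verify_only(secret, guess):
            return tries
    raise ValueError("secret lies outside the modelled state space")


def compare(secret, states=STATES):
    return {
        "search_space": states ** len(secret),
        "binding_feedback": tries_with_binding_feedback(secret),
        "verify_only": tries_with_verify_only(secret, states),
    }


if __name__ == "__main__":
    # Constructed sample combinations, including the worst case for both models.
    for secret in [(2, 0, 3, 1, 4), (4,) * STACKS]:
        print(secret, compare(secret))
```

With per-stack feedback the cost grows with the sum of the stack states; without it, it grows with their product, which is the "hundreds or thousands of possible combinations" the opening post refers to.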
by Joshua904 » 18 Jan 2016 15:36
That part I get.. But what if you type in any six letters you want and slap your monitor and it just logs in for you.
That part I was curious about. Kinetic attack of the side bar.
-

Joshua904
-
- Posts: 134
- Joined: 5 Jan 2016 6:57
- Location: Jacksonville, FL
by Squelchtone » 18 Jan 2016 15:55
Joshua904 wrote: That part I get.. But what if you type in any six letters you want and slap your monitor and it just logs in for you.
That part I was curious about. Kinetic attack of the side bar.
What will the side bar go into? The fingers of the side bar need to occupy physical space, if you just smack the side of the lock the fingers will immediately hit the top pins and go no further. The sidebar can only move its full distance when the top pin is at the correct height and the ring milled into the top pin is aligned with the sidebar finger and the sidebar enters that groove and gets out of the plug so the plug can rotate all the way.
Here's a pic of a Medeco lock with sidebar fingers entering the gates in the bottom pins (colored in pink). If even one of those pins was not rotated to the correct position the lock won't open, and smacking the lock won't make the sidebar jump, it will just hit a solid wall (the outside of the pin that is not aligned with its gate facing the sidebar finger).
I think I repeated myself a few times there.. heh.
Squelchtone

-

Squelchtone
- Site Admin
-
- Posts: 11307
- Joined: 11 May 2006 0:41
- Location: right behind you.