Edit: 7/7/08: Two years ago I posted this article with the intention of fueling the fire of public discontent with the existing lock technology, with the hopes that it would drive the lock makers to respond with better, more secure technology.

I’ve recently learned that the companies that make these products have, after literally decades of knowingly shipping insecure products, begun to respond to the challenge and actually build a safer product. Master Lock, in particular, has released what they call “bump stop” technology, with a specially crafted pin that makes lock bumping difficult if not impossible. Here’s a YouTube video describing the technology.

At the moment, this type of lock is difficult to obtain for residential use; and while technology rarely ever works as well as the manufacturer claims, the important thing here is that bump resistance has become one of the metrics by which the security of a lock is measured, and products are already available to some consumers that address this threat. In short, it we’re at least on the right track.

And now, on with the original article.

It Worked

I recently saw a report on bump keying and how it, in theory at least, makes pin-and-tumbler locks useless. I was a bit skeptical, so I decided to try it out.

Using nothing but the little information I had gained through some Internet searches and You Tube videos, I took an old, unused key, filed it down to the appropriate shape, and tried it in my front door.

It worked first try.

This is serious. Though I’ve been taught how to pick locks, I’ve never successfully opened anything other than a simple desk drawer lock. With this one bump key, I can open about 40% of the locks I encounter in my day-to-day activities. A second key gets will open another 30% of the locks I encounter in a day, and between the two of them, I can open nearly every residential lock I’ve ever seen. This has very serious implications in the world of home security.

Making a bump key is trivially easy, and costs about $4 to do (or free if you already have an old key and a file). It’s not a new technology, and has been used for a few years no by criminals to break into house without leaving obvious signs of forced entry.

Burying Our Heads in the Sand

Continuing to keep this technique hidden from the public is not serving our best interests. The more expensive locks you can buy at the hardware store are expensive because they’re more difficult to open with a lock pick. Those same locks, though, can be opened in under 10 seconds by a bump key; often, the more expensive the lock, the easier it is to open. Everybody knows about lock picking, so lock makers build locks resistant to that technique. Very few people have heard of bump keying, so lock makers don’t bother to make bump-resistant locks. (There’s good reason for them to drag their feet; bump keying is a very, very difficult technique to guard against without radical changes to the way keys and locks work).

Nonetheless, the problem is here, it’s serious, and it’s not going away. Our only hope for any sort security is to force lock makers to start selling bump-resistant locks. They’ll do that only when the general public finds out that they’re being sold snake oil, not security. Our only hope is raising awareness.

To that end, I’ve created a simple video showing the basics of how to create and use your own bump key. All you need is an old key and a file to cut it with. You’ll be opening doors within an hour.

http://www.youtube.com/watch?v=pwTVBWCijEQ

Refinement

I’m no expert at this. Not at lock picking, not at bump keying, not at anything I’ve talked about here. However, I know who is. Check out www.toool.nl/bumping.pdf for some refinements on this technique.

In particular, their “Minimal Movement” technique caught my attention. I was surprised to find that the directions in the referenced PDF file were all I needed to make that technique work. Unfortunately, in my zeal to create the most efficient bump key, I managed to file away too much and ruin the key.

However, and this is the point, making a new bump key is so easy that there’s really no way to guard against it. You can’t control through legislation any more than you can control lock picks (I’ve seen a lock picked with a screwdriver and a paperclip–you can’t outlaw that!).

So try it out, tell your friends. This is an interesting skill that you can master in just a couple of hours, and a great way to impress strangers at parties. More importantly, when word finally gets out that everybody knows how to bump locks, lock makers will have to respond with better security.

Update

I’ve recently added a follow-up article to this one that answers a number of questions and gives further information about how you can protect yourself. The article is (unremarkably) entitled Bump Key Follow Up.

I Need a New Blog.

This one is largely an unfocused repository for whatever I happen to have to say at the moment. And while that was the original intention, it’s not an optimal solution. So, I’ve decided to break my writings up into the following categories:

• Technical articles - How-to’s, explanations, tips, etc. This will probably be the meat of my writings.
• Personal happenings - Sort of a family newsletter idea. Interesting to relatives and close friends; terribly uninteresting to everyone else.
• Snide Remarks - Political commentary, opinions, editorials, that sort of thing.

Perhaps there’s more to add, but that should be enought to get along with. I’m pretty sure I’ve got some interesting stuff to say, but one of my primary problems is that it never seems relevant to the subject of my blog… probably because my blog has no subject. Do my latest .NET coding tricks belong here? How about my musings about some bit of software I’ve been trying out? I don’t know.

I would like to have everything hosted on my site: it sure helps my search engine ratings–my personal website is actually ranked higher than my employer’s; higher than most people’s, for that matter (5 of 10 by Google), meaning that most of what I write about becomes “important” in web searches if it’s not too common a topic.

Since I’m going to be changing things around, I’d be interested to hear about alternatives for my blogging software. I’m using Wordpress right now; It’s nice and all, but I would like a bit more direct control over the content formatting. Less like blogger, more like Slashdot, if that makes sense.

Wiki-based systems are somewhat attractive if you can make the paradigm work. Wordpress is always an option. I expect that this may become my new homepage, so it should be highly customizable with minimal hacking.

More on this is probably to follow once I get more figured out.

I hadn’t realized just how much your day-to-day experience colors your overall perception. For example, listen to this little (absolutely true) story.

Last night, my wife and I decided to go to the store to get some food. It’s been fairly cold recently, so we decided to have a quick look at the weather to see if we should wear a coat or just a light jacket. The thermometer showed that it wasn’t too cold, so we both decided to take just a light fleece. We had a fun evening; it was cool out, but not too cold, just like we had envisioned.

Now that you’ve heard the story, let me fill you in on the details. We live in Colorado up in the “high country,” at around 7000 ft elevation. When I said it had been “fairly cold,” I mean that temperatures had gotten to -15°F the night before; that’s before adding wind chill. Days had stayed in the single digits most of the week.

So when we decided that it was light-fleece weather, it was actually 25°F outside, still well below freezing. Of course, it’s not humid here, so it was a nice, cozy 25°; but still, well below freezing. So how exactly did I begin to think that this sort of weather is not that bad? Well, my criteria for this sort of decision has changed. For example, above about 10° it no longer hurts to breathe. That makes me feel a lot warmer. Above 20°, I can make it from my car to the store without losing too much body heat. I never intend to spend more than 2 minutes out in the weather at a time, so extended exposure really doesn’t even factor into the decision. Having spent all my childhood in Phoenix, I still find my new perception on this subject quite surprising.

My wife asked for an Xbox for her birthday this year.

I would imagine that most of you won’t get past that first line; particularly the men, who are wondering how I managed to find such a girl. But stay with me: this is a very serious essay about video games and wasting time, not about how “cool” my wife is.

This birthday request got me thinking. Unless you count flight simulators, I haven’t really played video games much since I left college. Also in college, I developed an almost obsessive dislike of wasting time. The constant, oppressive weight of never-ending class assignments gave me a sort of persistent edginess such that I could only mentally justify avoiding what I had to do if I was still doing something productive. I still can’t sit down and watch TV unless I feel like I’m accomplishing something, like learning something on the History channel.

In looking around trying to decide what’s worth getting, I played a few of the games they have nowadays, and was surprised to find that I didn’t feel like I was wasting time at all. That’s kind of odd, because playing video games has been, for many years now, the quintessential time wasting activity. If anything is a waste of time, it’s video games, right? So why doesn’t it feel that way?

This really surprised and interested me. As hypersensitive as I am about using my time productively, I really expected to be as turned-off about the prospect of sitting in front of a TV controlling a virtual character as I am about watching Friends or CSI. What I came up with is that a well-written game has all of the intellectual elements of a “good use of time” that I have come to expect. These elements can all be boiled down to two basic principles:

First of all, and most importantly, these games are very intellectually stimulating. They make you think in much the same way as, say, fixing a broken radio would. Now, I’m not talking about games like Donkey Kong, Space Invaders, or any of the rescue-the-princess games we grew up with. Some of these newer games are complex puzzles with subtle clues buried deep inside intricate plots. A lot like a good murder mystery. Not all games are this way, but I’m not really interested in the others.

The other important element is that there is a sense of goals and accomplishment. This is a very common element, because games without it never become very popular. In order to spend much time with a game, you have to feel like you’re actually doing something. But that’s just it: when you turn the thing off, you realize that you’ve accomplished absolutely nothing.

So that must be it. If you haven’t really accomplished anything, you’ve wasted your time, right? Well, perhaps. Tolkien’s Lord of the Rings series was a great set of books; but after I read them, I had nothing new and useful to show for it. Everything I had learned from those books pertained only to a fantasy world that didn’t exist. No real-world knowledge at all; well, nothing that I hadn’t already heard, at least. Furthermore it took a days to finish those books. I spent more time reading just those books alone than I did in all my video game playing over the past 8 years combined. And yet, how many parents tell their kids that reading the classics will rot your brain? No, of course not.

Video games, I think, have a certain stigma associated with them for a couple of reasons. First of all, early technology made it difficult to make a game mentally challenging but still fun to play. That, combined with a lack of imagination on the part of the programmers lead to a large divide between games like “Final Fantasy” and “Mario: Fun with Numbers.” Of course, kids do what they enjoy, and these simple but challenging games provided kids with the emotional feedback they craved by giving them simple goals which they could accomplish and feel good about. In fact, with video games, the noticeable accomplishment frequency, and therefore the reward-to-time-spent ratio, is much higher than any other readily available activity. These kids, if left to their own devices, will seek out the activity that gives them the most positive feedback—so they’ll play video games all day if they can.

Which brings me to my next point: if a child spends an inordinate amount of time at any activity, even reading, the parent will conclude that the child is wasting time. It doesn’t matter what the activity is; the child could be playing video games, watching TV, playing baseball, solving puzzles, assembling models, or even studying advanced calculus. If he fills the entirety of his free time with the same activity, the parent will be displeased. The kid will be “wasting his time playing baseball,” or “wasting his time with those stupid puzzles.” Video games are just too consistently entertaining.

I see no reason why a good game can’t be as beneficial as a decent book. It’s a fairly new and novel medium that has yet to be fully exploited, I think. Most games, like most books, are, indeed, a waste of time (have you seen what passes as literature these days?). Others sharpen your mind like a good game of chess. Of course, I’m certainly not saying that Call of Duty, as educational as it is, should be used in schools to teach about WWII; but I think that we will eventually have games that will serve that exact purpose. What could better teach you what it was like than reliving the experience yourself? Oddly enough, true-to-life realism and historical accuracy are goals that the game industry is aggressively pursuing. The industry has a long way to go yet, but it also has some powerful potential that shouldn’t be ignored.

Yesterday, my wife and I made our most exciting and long-anticipated purchase of the year. We bought ourselves a grill. We’ve had our eye on the those gas grills at Home Depot for the past year or so. Every time we went there for one reason or another, we’d have a look and see if they’d dropped in price.

Well, apparently grills don’t go on sale, because we never saw one price break over the span of an entire year. However, the store was doing a promotion where friends and family of the employees got 10% off an entire purchase when they presented a coupon at the register. The event ended today; but last night, Cara and I went went for a Saturday evening trip to the hardware store to look at materials for building a picnic table. Since the “Friends and Family” event was coming to a close, the employees were giving out these coupons to nearly everyone they talked to.

The time had finally arrived.

With our 10% coupon in hand, everything was finally on sale. We made off with a few needed tools as well as the Weber gas grill we had always wanted. We took it home, and I spent the next two hours assembling the thing. Sure, we could have bought it pre-assembled at no additional charge, but then we couldn’t have fit it in the car. Besides, I enjoy a challenge.

Not surprisingly, we had grilled steak and grilled corn today for dinner. Tomorrow, shish kababs. Maybe some grilled fish on Tuesday. Who knows, we might even go an entire week without eating out.