MIT Students Release Code To 3D-Print High Security Keys

Sparrowvsrevolution writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage's attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads 'do not duplicate' printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5."

3D printing shall not have arrived

[smittyoneeach]

Until somebody offends the G8. Vladimir Putin subsequently has him bound to a rock, where each day an eagle is sent to feed on his liver, which is re-printed and re-installed each day, almost like an old Windows version.
OR
. . .is bound to the same rock, and subjected to Barack Obama speeches in an infinite loop.

Unclear which is worse.

"Do Not Duplicate"

[DexterIsADog]

Really? That makes them difficult to duplicate? On which planet?

Re:"Do Not Duplicate"

[RobertLTux]

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

Re:"Do Not Duplicate"

This is a long shot, but I think it might have possibly been a rhetorical construct known as "humour".

Re:"Do Not Duplicate"

It was a long shot at the construct known as "humour", I'll give you that.

Re:"Do Not Duplicate"

[DexterIsADog]

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

lol, how did you get modded insightful for something patently untrue?

Re:"Do Not Duplicate"

[Jah-Wren+Ryel]

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

That happens to be the same planet where you can just put a little piece of tape over the DND message, maybe write something on the tape so it looks like a label, and then nobody is the wiser.

Or just go to a place like yelp to find locksmiths that don't care.

Re:"Do Not Duplicate"

[mcmonkey]

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

And which planet is that? It certainly isn't Earth.

In my college days we'd make copies of the dorm keys for friends who lived off campus, so we wouldn't have to go down to let them in the front door of the dorm.

Not only did those keys have the imprint "do not duplicate," but the copies we got back would have the same message!

Re:"Do Not Duplicate"

[jones_supa]

"Do Not Duplicate". Really? That makes them difficult to duplicate? On which planet?

I assume that message was intended for the owner of the key.

Re: "Do Not Duplicate"

How dare the copies include "Do Not Duplicate", when the original clearly stated that the words must not be duplicated!

Re:"Do Not Duplicate"

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

As have I. The only question I get asked is whether I would like to have "Do Not Duplicate" also stamped into the new keys when the blanks do not already have those words on them.

Re:"Do Not Duplicate"

[UnknowingFool]

On a planet where if you tried to take the keys to your local hardware, you'd find that they couldn't do it. It's not impossible to duplicate the keys but just hard for an ordinary individual without access to specialized equipment. Realistically you could duplicate one if you had a CNC machine but not many people have one in their garage.

Re:"Do Not Duplicate"

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

Like those with DVD Burners who would obey the "Do not make illegal copies of this disc" on an XBox game?

Re:"Do Not Duplicate"

[lister+king+of+smeg]

you mean the minimum wage walmart drone that smells of pot. yeah not worried about him fallowing directions of the key.

Re:"Do Not Duplicate"

gets even better when those same people will happily stamp 'do not duplicate' on the duplicate

Re:"Do Not Duplicate"

[DexterIsADog]

It's true that various key designs are difficult to duplicate, impossible if you don't have the correct equipment. I was making fun of the line in TFS that said "Do Not Duplicate" contributed to the difficulty of duplicating the key.

Re:"Do Not Duplicate"

[UnknowingFool]

I don't think of it was intended to be a layer of difficultly but a request. I suppose Schlage could have printed "Please do not duplicate" to be more polite.

Re:"Do Not Duplicate"

[garyoa1]

Yeah but this is a primus key. You won't get it cut at your local walmart. Nothing to do with any warning on it.

Re:"Do Not Duplicate"

[egcagrac0]

The Primus keys are what's known as a "patented keyway".

The general idea is that Schlage is the only company that's (supposed) to be allowed to sell the blanks, and they only sell them to locksmiths that agree to play by their rules (like promising only to make dupes for authorized people).

The duplication of these keys is not newly possible - but it's a new simplification.

Re:"Do Not Duplicate"

I've actually been to one store (an ACE Hardware) that refused to duplicate a Do Not Duplicate key. Of course, the vacuum repair store (???) across the street was A-OK duplicating the same key, so...

Re: "Do Not Duplicate"

This remind me of when I photocopied a Windows XP disk. It says on them, "Do not make illegal copies of this disk". So I photocopied it and hung that up on my bulletin board. Har har. What a fucking laugh for a few seconds.

Re:"Do Not Duplicate"

[cjpa]

I'm waiting for the day someone prints bitcoins.

Re:"Do Not Duplicate"

[Renegade1c]

A locksmith can't duplicate these keys. He must order them from the factory. The side cut pattern can't be cut by locksmiths, it is done on a CNC mill at the factory.

Re:"Do Not Duplicate"

You mock people that work at walmart, but you spell like a fucking retarded gorilla. Good work faggot.

Re:"Do Not Duplicate"

[Goghit]

Piece of masking tape over the "Do Not Duplicate" stamp, and write "Rm 103" on the tape. Social engineering ain't just for bank cards.

Re:"Do Not Duplicate"

[asmkm22]

And I've been turned down for practically every attempt at duplicating one of those keys. So which of our anecdotes is "patently untrue" again?

Yes, it's possible to find someone who doesn't care but, in my experience, most people are properly trained not to duplicate those keys as part of their job. Maybe you live in Detroit or something, though.

Re:"Do Not Duplicate"

The "for-friends" copy stopped at my college when some weirdo not from the college kept showing up in the girls showers. He was using a for-friend key, and all dorms communicated from the inside once you where in. Copying a key was an automatic expulsion for everyone involved. Not to mention a talk with the police in some cases.

I`m just saying, be careful with those.

Re:"Do Not Duplicate"

[BitZtream]

Except that you can either go to a self-service key grinder ... or 9 times out of 8, the guy making the keys will make one for you anyway without raising an eye brow.

I've never had anyone actually refuse to make a key for me because it had something engraved in it, and then all you do is point out that the blanks they have ... already have Do Not Duplicate engraved in the blank.

Re:"Do Not Duplicate"

[preflex]

These are Primus locks.

To defy the locks of tradition is a crusade only for the brave.

Re:"Do Not Duplicate"

[BitZtream]

Theres a CNC machine in every town in the nation now days, hell, I have one in my shed that could cut these keys.

More CNC machines than 3d printers by far.

Re:"Do Not Duplicate"

[minstrelmike]

Or just go to a place like yelp to find locksmiths that don't care.

Or just spend a couple hundred dollars and become your own locksmith.
It's not like it's hard to buy the equipment or learn how to use it.
In fact, I suspect most of the training is on how to read "Do Not Duplicate." ;-)

Re:"Do Not Duplicate"

[minstrelmike]

Or you could answer the ad on a matchbook and become a locksmith.

Re:"Do Not Duplicate"

[sunderland56]

The keys that the students made do *not* have this text on them, which

(a) makes them not an exact duplicate, and

(b) makes it easy to get a locksmith to duplicate the MIT-generated key.

Re:"Do Not Duplicate"

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

lol, how did you get modded insightful for something patently untrue?

They don't cut primus keys at home depot.

Re:"Do Not Duplicate"

[cthulhu11]

lol, how did you get modded insightful for something patently untrue?

You must be new here.

Re:"Do Not Duplicate"

They must be IMBECILES if they want the 3D printing industry to be **politically** banned by the primitives and tech-scares. But we are inventing new kinds of breakable locks, right? And security.

Re:"Do Not Duplicate"

[DexterIsADog]

I think it's another factor at work, not the suggestion I live in Detroit or some other den of scum and villainy (as you imply).

Maybe you just have an exceptionally untrustworthy face? I know I don't trust what you typed and I haven't even seen your face. :-)

Re:"Do Not Duplicate"

[DexterIsADog]

I didn't refer to the motivation of Schlage, but of the assertion in TFS. As I said. Twice.

Re:"Do Not Duplicate"

[DexterIsADog]

Reading comprehension - it's not just for smart people! :-)

Unfortunately

This will prompt someone to spend an inordinate amount of taxpayer money on electronic locks which are even less secure.

Re:Unfortunately

[Cenan]

Locks don't make secure doors, doors do. If you wish to enter, the type of lock on the door is not going to deter you. Electronic locks are not more or less secure, it is just a different set of crooks that are able to get through them without leaving traces.

Re:Unfortunately

[hedwards]

Not true. I used to work security in a building that had a lot of electronic locks. And ultimately, you can't enter them without leaving a trace. Sure, they might not know who it is that entered at 2:26 AM, but we would know that somebody entered at that time. Whereas with regular keys, we would at most know that somebody went to that floor around that time, but we'd have no clue as to which door they went into.

In other words, we could probably get video footage of the person that went into the door secured by an electronic lock, or at least narrow it down substantially, but would have no way of doing that with a traditional lock as we would have to have video of them getting into the elevator, not at the actual door.

What's more, with electronic locks, there's the ability to lock people out during periods of the day that you can't do with a traditional lock and you can change the key much more rapidly.

Yes, they aren't perfect and can be prone to attacks that a normal lock and key aren't. But, ultimately, suggesting that they're not any sort of improvement ignores reality.

Re:Unfortunately

So, in the event of a power cut. The locks either are open by default or locked by default locking you out? How do they behave exactly? Even after the battery backup has run out?

Re:Unfortunately

[egcagrac0]

The electronic locks around here are powered by battery as well as mains.

After the 12 hours (or so) of battery wears out, it depends on the lock type - the electric strike locks are fail-closed (bypassable by mechanical key), the magnetic locks are fail-open.

Re:Unfortunately

[Bengie]

Electronic locks... now the NSA will have a backdoor into your door.

Re:Unfortunately

Yo dawg, I heard you like doors, ...

Re:Unfortunately

[umghhh]

there is no place to hide. Not even in the toilet.

Re:Unfortunately

[Cramer]

One can get the same audit trail with dry-contact or magnetic sensors. If done well, no one will ever notice they're there.

Re:Unfortunately

[mdielmann]

Not true. I used to work security in a building that had a lot of electronic locks. And ultimately, you can't enter them without leaving a trace. Sure, they might not know who it is that entered at 2:26 AM, but we would know that somebody entered at that time. Whereas with regular keys, we would at most know that somebody went to that floor around that time, but we'd have no clue as to which door they went into.

In other words, we could probably get video footage of the person that went into the door secured by an electronic lock, or at least narrow it down substantially, but would have no way of doing that with a traditional lock as we would have to have video of them getting into the elevator, not at the actual door.

What's more, with electronic locks, there's the ability to lock people out during periods of the day that you can't do with a traditional lock and you can change the key much more rapidly.

Yes, they aren't perfect and can be prone to attacks that a normal lock and key aren't. But, ultimately, suggesting that they're not any sort of improvement ignores reality.

So, we can spend millions to develop a way to use electronic keys, but no one has ever figured out a way to sync a series of videos so you can watch someone move from one zone to another?

How quaint

[msobkow]

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

Re:How quaint

[fuzzyfuzzyfungus]

You just tell everybody who has to come in for a key replacement who it was who lost their key, then turn your back and whistle innocently. Cuts the loss rate significantly.

Re:How quaint

Most places the key cards are overriding the actual mechanical key based security.

Mechanical keys are still used as a backup to cards in the event of power outages, or system failures. Though only a few people need to have this kind of access.

Re:How quaint

[loufoque]

Keys have the advantage that they do not require electricity to run.

Re:How quaint

Thus ensuring that people who lose keys wait as long as possible before reporting it, in order to avoid retribution. Now you've lowered your loss rate *and* your security at the same time. :)

Re:How quaint

[fuzzyfuzzyfungus]

Exactly! People love Objective Metrics (especially ones made of numbers, because numbers are super scientific) that are easy to measure; because they allow even the laziest among them to experience the warm, comforting, embrace of Knowledge. They hate, and thus tend to ignore, fuzzy metrics that are difficult or impossible to quantify (like 'security') because those are a morass of nescience and harrowing epistemic uncertainty.

By doing exactly the wrong thing, and encouraging blatantly insecure behavior (you also likely create a culture of casual key-sharing and letting just anybody who 'lost their key' in), you drive the metric that people are looking at through the floor (demonstrating your Epic Competence), and shove all the risk under the rug of the metric that everybody avoids looking at and politely doesn't mention!

Re:How quaint

[Threni]

Why would that requirement suggest it's an insecure solution?

Re:How quaint

[jones_supa]

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

Remember that electronic locks can have various vulnerabilities too.

Re:How quaint

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

The data on key cards can be replicated as well. Heck, even the new "e-passports" gaining popularity with governments around the world have been cloned in the past.

Also, even locks that use key cards have mechanical elements. The bits can be secure as can be, but there may be physical ways to bypass the system.

AFAIK, the only physical keying system that has not been hacked is Abloy's (non-Cliq) Protec. Short of drilling out the cylinder I don't think anyone has been able to get in without having a key. Or at least this was the case about a year ago (the last time I looked).

Re:How quaint

Which is important if your job does not require electricity to be productive. As a code orangutan, if the card-scanner doesn't have the electricity to read my keycard, my slack-station doesn't have the electricity to even pretend to be productive.

Re:How quaint

[mlts]

I have been at several places where the key card system goes toes up and will not allow anyone in. The controller on a lot of HID systems is an XP box, and computers can fail, locking everyone out.

You have to have a high security mechanical override somehow. A lot of places use Best locks (which are 6-7 pins, have spool/mushroom tumblers, and unique keyways.) Others tend to go with Medeco3.

If you want resistance to 3D printers, there are already three methods which work well. The first is what is on Mul-T-Locks and Abloy PROTEC2 locks, and that is an active pin on the side of the key.

The second is a method like the Evva MCS, and having magnets embedded in the key. Duplicating this is a lot harder than just 3D printing a replacement, one would have to know where all eight magnets are facing and precisely align them. Not impossible, but not trivial.

Finally, there is the "CLIQ" technology that is going through multiple revisions. This combines a high security mechanical key with an electronic chip and tiny rotating pin powered from a battery on the key. Since each cylinder keeps the authorized keys in memory, there is no one central point of failure. The CLIQ system has gotten better over the years since it was opened at a previous DEFCON. First it was a pin that would retract, but that was changed to a small disk that rotates to allow the key to turn.

Nothing is perfect, but Assa-Abloy's CLIQ system is getting decently secure to be used as a backup cylinder with a card access system.

Re:How quaint

[SuricouRaven]

We use low-security locks at my employer. Electronic. The fastening is electromagnetic.

Why? Because there are children around, which means that in the event of a fire we need to be able to evacuate very quickly. A fire that could potentially burn through power cables before setting off the alarms. The electromagnet locks are failsafe - if the power fails, the locks unlock. There's also a physical power cut button (The 'break glass' type) on one side of most of the doors.

Re:How quaint

[mlts]

Last time I read, the locksport guys have managed to get it open in 10-12 hours. The Protec is about ten years old, and Abloy has put out the Protec2 with minor changes recently which, AFAIK, has not been opened.

I'd probably say the Protec2 + CLIQ is probably the best out there. It isn't 100%, (as the 2009 DEFCON got them back to the drawing board to deal with the vibration and magnet attacks and made a rev using a disk that turns as opposed to a pin that retracts), but it is as good as it gets for this department.

Of course, there is one step up from there -- going with Kaba-Mas X-10 combo locks on the doors as a backup. However, for almost any task, the Protec2+Cliq is probably the best of breed we have right now.

Re:How quaint

[msauve]

I worked in an office with electromagnetic latches. Used a badge reader to get in. A motion sensor would let you out. If you forgot your badge, flipping a sheet or two of paper through the gap between the doors would trigger the motion sensor and let you in.

Re:How quaint

[SuricouRaven]

Similar trick on ours. The doors also have those flip-up-and-down levers on the inside edges that allow for one side to be locked shut. We've no actual use for them, they are just part of the 'stanard' door that the builders purchased and installed. The children soon worked out that if you flip the lever down, the bolt comes out the top of the door and stops it closing. Which means the magnet can't make contact with the locking plate. So now there is a crew that always flips the bolts when they come through in the allowed direction, so that when they later come the the other way they can get through.

Re:How quaint

You can always blow the bloody doors off.

A problem with high security locks is that they are low safety locks. Are every single one of your employees in that area less important than the thing that is being protected? Then favouring security over safety is OK ***as long as the employees know this and can accept or refuse***. You have to allow them to refuse without prejudice because it is their lives at risk. If the chief security officer is thinking otherwise, then he must be in attendence in the area when the area is being used. First in, last out. Otherwise they are offering other people's lives, not his own. Leaders are supposed to lead.

Re:How quaint

[mlts]

At a lot of places I worked, there was a short list of people who had mechanical keys:

1: The security desk had a master key which was in a paper envelope, in a sealed box which was the "break glass in case of emergency" type. Facilities tended to use the keycards.

2: The building had a Knox box with a master key on the front so the local PD or FD could get unfettered access.

3: The corporate officers have keys.

4: The top IT manager had a key.

That's pretty much it for the most part.

Re:How quaint

Overcoming 3D printers is simple.

Make the key a box channel with the pins inside of it. Not a U-channel, a full box channel. No angle of visibility from the outside can image the functional workings of the key. And likely, an inner channel impression would not give you a good reading either.

Making new ones would be a bitch, but, hey, I bet 3D printing could help with that. Generate pin shapes based on a GUID, and you're golden.

Re:How quaint

Then there's Rabson locks. Can't beat those.

Re:How quaint

[mlts]

How are high security locks low safety? Pushing on an exit bar opens the door regardless if there is a Best, Medeco, Abloy, or a 5 cylinder special on the door. Same with magnetic locks. All the ones I've seen will open from the inside by bumping the bar. This is also a law by fire code.

Some sites require a badging out, but one can still hit the exit bar... it might sound an obnoxious alarm, but one can still get out.

A high security lock keeping people -in- is a no-no in every fire code in the US, unless one is dealing with an institution or a jail.

Yes, one can blow the doors off with a shotgun. However that leaves a signature. I use high security locks because if someone tries getting in, they leave evidence behind (which makes it more believable come the police reports and insurance claims.) A bumped lock leaves zero evidence (good luck getting a theft claim), and a picked lock leaves very little.

Re:How quaint

[cellocgw]

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

Remember that electronic locks can have various vulnerabilities too.

That's why I'm going to put in a voice-activated lock system. You have to know the secret word, which I've cleverly stuck inside the Welcome Notice printed over the door.
Just don't throw things into the pond while working out the right word.

Re:How quaint

XP box? Hah, the company I work at uses a Windows 98 box (actually, it's been a VM for the last 5 years or so), because the access control program that was designed for Windows 3.1 hangs after a few days on anything NT-based. OTOH, I can say with confidence that I have a Windows 98 box with several years of uptime (had to apply a patch to prevent it from BSODing after 49 days, but since then it's only been rebooted 3 times).

Re:How quaint

[Sycraft-fu]

"Nothing is perfect"

That's the problem here. Geeks seem to think there is such a thing as perfect security, they delude themselves in to thinking that if people just weren't so lazy, so stupid, so whatever that we could have perfect security. Now with computers that is at least a theoretical possibility. It can't happen really, but in theory one could make a perfectly secure computer system.

Well that can't happen in reality. There is -no- perfect security in the physical world. It is just about trying to make shit happen less, about trying to make your security good enough that it can ward off the best attack you are likely to face. No matter how much you spend, what you do, there is always a way around it.

That is something geeks just can't seem to handle. They just can't deal with the idea that physical security is imperfect, and so they hate on the solutions as being not good enough, as though they could magically be perfect if only they tried hard enough.

Re:How quaint

[wierd_w]

Filling the box channel with 2 part silicone rubber mix, then chasing it will produce a high precision casting negative of the channel, which can then be easily scanned. (and being rubber, easily extracted from the box channel)

Many software packages permit boolean remove operations, which would allow them to position the 3d scanned rubber impression onto a blank channel way, then boolean remove the negative to get the positive impressions again in the digital model.

Then it's 3D print time.

Re:How quaint

[EkriirkE]

One of my old work places had fancy glass doors with a touch bar to get out, badge swipe to get in. We used to keep a paperclip in the planter box by the door outside to stick through the gap and touch the bar with. It always opened.

Re:How quaint

In the immediate sense, you can't construct a copy from a picture. To make a copy you'd have to have possession of the key itself. Since TFA details a process that only requires a picture, this is a valid prevention mechanism.

Also, if there's a mandatory full-depth pin at the front that isn't used by the tumbler mechanism, you'll destroy your mold getting it back out of the box channel. Adding it would probably have the side effect of making the lock itself easier to pick, though.

Re:How quaint

[dkf]

By doing exactly the wrong thing, and encouraging blatantly insecure behavior, you drive the metric that people are looking at through the floor (demonstrating your Epic Competence), and shove all the risk under the rug of the metric that everybody avoids looking at and politely doesn't mention!

Wait, are we talking about the banking system here?

Re:How quaint

[Shompol]

speak friend and enter

Re:How quaint

[recharged95]

High security facilities don't use those keys anymore, nearly all Fortune 500 companies use them for office doors (looking at mine right here).

Just ask our agency buddies: it's all about spin-locks, electronics and CCTV for locks.

Re:How quaint

The office I worked at had similar, but it checked for heat also. So you had to put the pieces of paper under your shirt for a few seconds before sticking it through and waving it around to get around that.

Re:How quaint

Not if you do it right. In the army we had a key control NCO (usually S4) who kept a key control roster where you'd sign keys out. And he'd just demand the keys back after a few weeks, and you were paying for the new locks if you didn't have them.

Re:How quaint

[Cramer]

Your post is full of so many illegal things... a fire alarm that can be disabled by fire before going off: I'm pretty sure that's illegal everywhere in the US.

If you're talking about mag-locks -- electromagnets that hold the door closed from ingress and egress, then that is not "low-security"; it is, in fact, the definition of high security... you don't get through that door, in any direction, without the appropriate access. Again, by code, they must release when the fire alarm is activated so people can evacuate however necessary.

Re:How quaint

[Cramer]

Or better... the nuts who installed the motion sensor put it on a ceiling tile that goes all the way over the door. Thump tile, door unlocks. :-)

Re:How quaint

[Cramer]

Go Alien 3 and put a breathalyzer on every door. *grin*

Re:How quaint

[fuzzyfuzzyfungus]

By doing exactly the wrong thing, and encouraging blatantly insecure behavior, you drive the metric that people are looking at through the floor (demonstrating your Epic Competence), and shove all the risk under the rug of the metric that everybody avoids looking at and politely doesn't mention!

Wait, are we talking about the banking system here?

Oh, no. If I were good enough to apply Terrible Person Logic to finance, rather than security, I would be rich enough to leave Slashdot posting to my auxiliary manservant...

Re:How quaint

[Cramer]

The controller on a lot of HID systems is an XP box

The actual controller of these systems is a small, almost brainless, microcontroller. The thing humans use to interact with it (the "ui") is a windows application. When the microcontroller loses it's cookies, and the windows system doesn't have a backup, well, that'll take a while to sort out.

Re:How quaint

[SuricouRaven]

The fire alarm isn't my area. I assume it has battery backup.

The doors, however, do not. And yes, there is a cable linking the fire alarm control boxes in each utility room to the door control boxes that will unlock the doors in the event of fire.

Re:How quaint

So, Werner, do you travel a lot?

Long distance photo?

[__aaltlg1547]

I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.

Re:Long distance photo?

[fuzzyfuzzyfungus]

I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.

Wacky Fun!. That paper appears to deal with a less sophisticated key; but demonstrated successful attacks at 195 feet, with comparatively cheap apparatus.

Re:Long distance photo?

[Immerman]

Long distance and high resolution are not mutually exclusive. A high-power camera-ready telescope will let you get both.

Re:Long distance photo?

[StripedCow]

Or multiple low-resolution photos.

Re:Long distance photo?

[MacGyver2210]

I don't think it matters, since if you can't get a high-res image of the key, you could just bump it open.

Re:Long distance photo?

[hedwards]

Not really. Unless somebody is holding the key incredibly still, and you're using an incredibly fast shutters speed and you know exactly where to point the camera.

Even a 200mm lens, which isn't going to be getting you a good view from far away, is going to have serious issues picking up sufficient detail on the key to make a duplicate.

Re:Long distance photo?

[Culture20]

Unless somebody is holding the key incredibly still

Like when they're lining it up to insert into the keyhole. What keys will need in the future is an opaque covering that slides down the shaft of the key as it's inserted into the lock, preventing the teeth from being seen.

Re:Long distance photo?

[tibit]

Whenever you'll be playing with a 12 inch or larger telescope, do yourself a favor and point it onto a terrestrial target a few hundred feet away. I've seen terrestrial pictures being taken through a 20" telescope and all I can tell you is that with clear air it's feels like taking your point and shoot and teleporting it a mile away. Never mind that if you don't care about giving yourself away, you can also flash-illuminate your target through the same optical assembly. I have to dig up some of the portraits my colleague took with his girlfriend standing about 1100 m. away on a winter night, with heavily overcast sky and no moon, with through-the-lens flash. It really looks as if you've been standing right there, except that of course the aberrations typical for closeup pictures are nowhere to be seen. As far as portraits go, a telescope gives you IMHO the best 2D reproduction to be had. I'm sure it'd be just as great at extracting the geometry of a key, since you get as close to axonometric projection as you can get.

Re:Long distance photo?

[afidel]

A 200mm lens is hardly exotic or expensive, I have an 18-200mm and a 150-500mm, with the 500mm I can shoot shots of birds at 200 yards that will capture individual lines on the feathers which are much smaller than the features on a key.

Re:Long distance photo?

[hedwards]

Only if they're holding the key still, and good luck doing that without anybody noticing. You're also presumably using a tripod to take those photos.

I've been a photographer for years, and if you're seriously suggesting that this is in some fashion realistic, I seriously doubt that you know anything about photography.

And yes a 200mm lens isn't rare, but getting one that could plausibly do this is quite expensive. And even then, you're talking about an F2.8 brick that everybody is going to notice. Even then, if you're inside or in the shade, you're not going to get adequate shutter speed to make out the detail on the key.

Re:Long distance photo?

[hedwards]

Good luck with that. In order to get a shot like that, you'd have to have the camera directly on the wall, and you'd have to do that without the person noticing, and you'd have to have enough light.

Just saying, the likelihood of this working out, is pretty small, and you'd likely be caught by somebody that thinks it's suspicious to be taking photos of people in such a fashion.

Re:Long distance photo?

[Sedated2000]

Since there is a company that duplicates keys from pictures you can try it for yourself.

Re:Long distance photo?

[i.r.id10t]

I've made keys for a simple Master brand lock using a Xerox copy of the key (yes, it was made on a Xerox machine). And yes, the cloned key worked.

Here at work we have these weird keys that don't have teeth - they have variable diameter and depth partial spheres cut out of the sides. Heard the last locksmith mumbling something about having to send them off to some place in Germany that still has dwarves working by the light of a lava flow from a volcano to get them duplicated... will be sending this article to the new locksmith who seems more competent but mumbles a lot anyway.

Re:Long distance photo?

[fuzzyfuzzyfungus]

It wouldn't entirely surprise me if keys duplicated from pictures are actually better than the ones duplicated with your basic hardware-store cloning machine. Those are neat, fast, and work; using the template key to control the height of the blank above a cut-off wheel; but some amount of analog-copy-degradation can happen, especially if the original key isn't in fantastic shape or the operator is sloppy.

If you are working from an image, you can't use that strategy, so actually computing the bitting codes and cutting a key to those specifications, essentially creating a first-generation master once again, becomes much more likely...

Low-tech solution

[Conspiracy_Of_Doves]

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Re:Low-tech solution

[Conspiracy_Of_Doves]

Granted, this won't help if someone gets physical access to the key.

Re:Low-tech solution

[nosfucious]

Already been done: http://www.youtube.com/watch?v=l_d1ZgzmSok

If you only want to get in or out, then no door/lock combination can stop you. It's just a question of force.

Doing it without detection. or detection sufficiently later, is another question however.

Re:Low-tech solution

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Or camouflage. While not a perfect defense, having shape baffling camouflage on the keys would at least make long range photobased duplication more difficult, and would still work while the key is enroute from pocket to door. (i.e.: not sheathed).

Granted, this won't help if someone gets physical access to the key.

Either way someone physically having access to a key breaches the security, that said, it is a lot harder to get your hands on a key than it is to photograph it at a distance.

Re:Low-tech solution

[mlts]

Some English prison locks do this, because part of their design is to make the key and keyway as hard to eyeball as possible (so prisoners can't carve one out of soap or whatnot.)

Re:Low-tech solution

[Conspiracy_Of_Doves]

There is no new thing under the sun. Any problem you run into, chances are that someone has had the same problem before.

Re:Low-tech solution

[mjr167]

I'm pretty sure not much helps in that scenario.

Re:Low-tech solution

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Actually, many prisons do that now.

There have been cases where convicts with a lot of time on their hands have been able to duplicate keys based on watching the guards closely.

Re:Low-tech solution

[cayenne8]

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

A foreskin for keys...?

Re:Low-tech solution

[Conspiracy_Of_Doves]

All the best innovations are borrowed from nature, aren't they?

Re:Low-tech solution

[quetwo]

+1.

One of my friend's old warehouses had a wicked lock, plus card access, air-lock, etc. It wasn't in the best part of town.

Either way, their building caught on fire (HVAC unit burned up). It took the fire-marshall about 20 seconds to get through their reinforced door, and another 15 seconds to get through the rest of their security. If people want in, they will get in. It is all a matter of how much attention you generate for yourself, and how long you want to prolong people knowing you were there.

Watching a wrecking crew take down a house in my neighborhood had a similar experience -- the contractor taking down the house only needed one hit with a sledgehammer to get through their front door. The other contractor used a sledgehammer to go through the side wall to check the utility room. Again, if they want to get in, they can get in.

Nothing new

This is nothing new; it's also very easy to do with a photograph, a file and a dremel tool. Not that I've got any experience or anything, but I certainly never paid a lost key fee in college.

Uhm... not really impressive

[dbitter1]

Former locksmith here. The Primus (and nearly all of the other high security keys) are simply relying on patent protection to keep people from duplicating the keys. Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass (worst case) or just onto a normal key blank.

If you want to see something that would impress me, look at a German company - DOM - that has a design that includes a floating ball bearing in the key, which is integral to making the lock work. If they could make THAT with a printer, I'd be impressed.

One model:
http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.html

Re:Uhm... not really impressive

3D printers can make 3D printed objects with movable parts (I have a working 3D printed adjustable wrench on my desk that required no assembly out of the cleaning vat), so prepared to be impressed...

Re:Uhm... not really impressive

[50000BTU_barbecue]

I've noticed that with the shoddy and fragile construction endemic in North American residences, it's not worth putting a fancy lock on things. You can kick the door in with one kick from a polio victim. Or with just a bit more force you can punch down the drywall and fake facade.

Re:Uhm... not really impressive

[drinkypoo]

The purpose of the locks is to make it noisier to get into the house, and to signal legal intent. If you are expecting crooks in your neighborhood to be good at picking ordinary locks and actually use the skill, then upgrading your locks might get them caught in the act.

Probably not though

Re:Uhm... not really impressive

[mlts]

That mechanism is used in Mul-T-Locks and Abloy locks (the Mul-T-locks use it as a patent, the Abloy locks use it for a way for the user to know the key is all the way inserted.)

What I wouldn't be surprised in seeing is something similar to Ace round locks, except with the bitting inside the barrel. Of course, we then are back to the age old Bic pen way of opening those, but I'm sure there is a way to help with that (especially if a tumbler or two slid on an axial path somehow.) This would require someone to closely examine the key, or at the minimum, take good photos of the depth down the barrel.

Re:Uhm... not really impressive

Doesn't look impressive to me either. In fact I'm wondering whether the Primus would still be vulnerable to bump key attacks. It seems to be just like a normal key except with two tracks.

Whereas something like those Abloys looks less likely to be vulnerable to the bump key stuff.

Re:Uhm... not really impressive

Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass

That's sort of the point here. Any Locksmith using some accumulated skill, training and specialized equipment can do this easily.
Now ANYONE, with no specialized skills, some basic office equipment and a credit card can do the same thing.

Re:Uhm... not really impressive

You seem to be at the point of knowing just enough to be dangerous. Those 'round' locks, are generally called cylinder locks, or cores, or plugs depending on pedantic you want to be. Ace is a brand of those types of locks. Their claim to fame is different strength springs, rendering some tools obsolete and other techniques slightly more difficult. The bic pen trick does not work on locks that have different strength springs as the plastic itself would have to have corresponding different compression resistance at the different contact points with the pins.

Re:Uhm... not really impressive

[Coz]

I recall a rash of home burglaries when a certain company in Florida was using cheap materials under the siding, before the inner walls were finished, where burglars were removing the siding, punching through the outer walls, opening doors from the inside and making off with copper piping, wiring, and appliances. They were keeping track of the progress of the new homes and would wait until the appliances were installed before going in at night and removing them. They were even replacing the siding to make it harder for security to notice the holes until the work crews showed up to finish the drywall and install carpet.

Re:Uhm... not really impressive

I've yet to see a "round" lock not be openable by a Bic pen. Even the ones with the larger diameter can be opened by a Bic pen with two slits in it.

I would love a citation about the above and variable springs.

Re:Uhm... not really impressive

[mlts]

Abloys use a totally different principle of working. Instead of a shear line, they have a small indentation that a sidebar engages. Picking an Abloy lock is more like guessing a safe combination (false gates included) than rattling spring-loaded pins. There are no springs in an Abloy cylinder, so a bump key would just move the tumblers around, not getting anyone any closer to opening the lock.

It doesn't mean they are 100% secure, but with the improvements made by the company over the years, it is a lot harder for all but the most dedicated locksport guys to get those open. Locksmiths just drill them out.

Re:Uhm... not really impressive

[minstrelmike]

Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass

That's sort of the point here. Any Locksmith using some accumulated skill, training and specialized equipment can do this easily. Now ANYONE, with no specialized skills, some basic office equipment and a credit card can do the same thing.

You seem to ignore the joys of a market economy.
Now Anyone with an internet connection and credit card (or reasonable facsimile thereof) can do the same thing.
Don't even need my own office equipment.Maybe Kinkos/FedEx will do it for me while I surf slashdot ;-)

Re:Uhm... not really impressive

[rriven]

http://www.youtube.com/watch?v=FQBMiI6Al5A

Even with the fancy floating ball bearing it can be picked.

Really Secure Facilities...

[NotSanguine]

have 24 hour surveillance and use "man traps" which require multiple access keys, electronic or otherwise.

patented blanks

[gl4ss]

what the lock companies do is they patent the blanks.

that's why lock companies come up with a new scheme every so often. and to buy those blanks you need to sign a contract that you wont copy without permission of the lock owner.. which is hard to check anyways.

Re:patented blanks

[torkus]

This (mostly). You'll also see several of only selling additional blanks to locksmiths in an equal number to the customer codes they punch into their system. It's not perfect but it's another control

Before the printing game this worked 100%...excluding the 'illegal' bootleg keys most locksmiths would buy from China...which are, of course, much cheaper. :)

Re:patented blanks

[Jane+Q.+Public]

"Before the printing game this worked 100%..."

Nonsense. It did nothing of the sort. Not even close. I know, because I duplicated a lot of institutional keys with "Do Not Duplicate" on them, for "security" locks. (Disclaimer: I did not use them to steal anything, or invade residences, or anything like that. I won't go into why I did it but it wasn't to commit a crime spree.)

If you had an original key (or an accurate enough impression or 1x scale trace or photograph), all you then need is a key blank that will fit the lock. This sounds easy but in fact can be quite difficult, because there are A LOT of different variations on keyways out there. But in the case of Schlage, there were only a relative few, and you could often get "generic" knockoff blanks from your local K-Mart. If you already know the particular kind you are looking for, it's a matter of a few minutes to go into the store and buy a blank for $1.

Once you have the blank, you can duplicate the key accurately with hand tools in less than 15 minutes. I won't go into the details here but suffice it to say that this doesn't require genius-level puzzle solving and it isn't particularly difficult to do.

The only thing the specific "high security" keys OP wrote about brought to the table is the difficulty of cutting a copy. You aren't going to do it by hand with a file in a short period of time. But *IF* you had a blank, you could cut it with a milling machine or a drill press with a cutting head without too much trouble.

Re:patented blanks

[Gr8Apes]

If you have a milling machine, you can cut the blank itself and bypass the whole "get the blank from the store". If you've got the right kind of machine, you can do this in a single operation and get a finished copy. But for a one-off operation, that's probably not going to be cost effective.

Re:patented blanks

Starting an argument with "Nonsense" is always the best way to get someone to come over to your line of thinking...right? You must have been on the debate team?

Re:patented blanks

[Jane+Q.+Public]

"If you have a milling machine, you can cut the blank itself and bypass the whole "get the blank from the store"."

You can, but in most cases you would be foolish to do so. If you have studied them, you would know that key blanks are deceptively complex beasts. You could spend many hours building something you could get in a few minutes at the local hardware store for $1.

But it certainly is useful to have a milling machine, because you CAN make anything like that if you want to spend the time and effort. Even these "high security" keys. Also, you can often use one to modify a key blank that almost fits, and make it fit, in many cases, in a few minutes. Usually, that would probably be a more productive use of your milling machine. You can do that with a file by hand, too... but it can take a lot of time.

Re:patented blanks

[gl4ss]

most dnc keys etc in circulation are out of patent already.

so they're just pieces of metal, even the blanks.

This is what MIT students do for research?

[metrix007]

Scanning keys to generate plans for a 3d printer is groundbreaking research? Wow.

Re:This is what MIT students do for research?

MIT hasn't been about science or progress for a while now. We've done all the basic research and development we can do. We're just circling the drain now.

Re:This is what MIT students do for research?

We've done all the basic research and development we can do.

Idiots have been saying that since before electricity was discovered.

Re:This is what MIT students do for research?

[Bengie]

Everything is 20/20 in hindsight.

Meh

[unixcorn]

A lock will only ever serve to keep an honest man honest.

At least the locks CAN be replaced or recoded

Try our newest, bestest attempt at "security": Biometrics. Someone copies the key, now what? Replace the compromised worker? Kill the citizen and hope the citizenry spawns a new one?

Note, however, that for some purposes individually revokable keys are not well-suited. Like the fireman's keys, that tend to be used in emergencies when comms lines may not be available to check for key validity... or even electricity for the electronic locks to work at all. Battery backups only add to the confusion, because they need maintenance and regular replacement that might well be forgotten, skimped, skipped over, you name it. Mechanical locks simply work better in this sort of scenario.

What this means is that you can no longer simply let the keys lay about where people can scan them, or take a picture of them. This is not much different from not leaving people alone with keys lest they make imprint copies. It is somewhat new that even a long range picture is enough (another MIT story previously here on slashdot), and now 3D printers turn out to be good enough. Clay moulds were already good enough and are still cheaper than 3d printers, if somewhat more messy, so really, this isn't much of a difference.

The simple fix? Keep those keys out of sight, like, inside a key bag or something. Like you would with your digital "private key", dig?

Re:At least the locks CAN be replaced or recoded

[Streetlight]

I'm not sure about firemen's keys, but firemen have other ways of getting through a locked door: battering rams, axes, chain saws, diamond disks and saws. Much like criminals - if they want to get into a locked house bad enough they will get in.

Re:At least the locks CAN be replaced or recoded

[RobertLTux]

allstate farmers and Nationwide all like buildings to have a way for Firemen to not break the door down just to do their job.

Re:At least the locks CAN be replaced or recoded

[Holi]

Like? more like require, at least if you want their insurance.

You must not live in my jurisdiction

[davidwr]

I my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths required the locksmith to go through paperwork to make sure the person requesting the copy was authorized by the lock-owner to do so. This typically involved asking the requester to provide the lock's "number" which presumably the lock owner had but which was not on the key or lock itself.

Up until recent decades, one of the more practical ways to duplicate many security keys was to make a mold and build a key from it, like you saw in 1960s spy movies. Yes, that required physical possession, but it didn't require a locksmith.

--
*I'm not sure if the law has any real teeth, it may be just a "civil fine" or it may just open up the locksmith to civil liability if the key is misused, much like if a bartender serves a drunk person more booze and they drive and kill someone, the bartender can be sued by the victim's family.

Re:You must not live in my jurisdiction

In my state, there is no license, or regulations on locksmiths. So anybody can claim to be a locksmith.

Re:You must not live in my jurisdiction

[mjr167]

So are these keys you cant get a copy made at Wal-Mart? Cause I'm pretty sure the minimum wage Wal-Mart employee doesn't care.

Re:You must not live in my jurisdiction

[Jane+Q.+Public]

"I my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths..."

But there are a couple of problems there. First, it's not actually illegal in most jurisdictions, and second, there are only a relative few key blanks that are actually "only available to locksmiths". Most of them have readily-available generic replacements, or can be made from readily-available generic replacements in a few minutes.

BTW: "building" a key from a mold is actually very difficult, unless you know exactly what you are doing. Both mold and key materials have to be almost perfect (and have certain properties I will not detail here), or what you get out of it won't be a usable key. Further, you need BOTH sides, not just one as usually shown in the movies, or your molded key (probably) won't fit the lock.

A key can be made from an impression, but it's usually far easier to use a different technique, and not actually "mold" a new key from the impression.

Re:You must not live in my jurisdiction

[minstrelmike]

I was in Wal*Mart today and they have a vending machine now that cuts keys for you.
I'm sure it has no access to the special blanks but it ain't too hard to turn a 3D printer into a vending machine for anything.

Re:You must not live in my jurisdiction

[Cramer]

When was the last time you had a human cut a key at Walmart? (or Lowes, Home Depot, etc.) It's been about 2 years, here. It's a kiosk now. (for the record, the keys maybe by the human... none, 0%, of them worked.)

Re:You must not live in my jurisdiction

[Shirley+Marquez]

Wouldn't know about Walmart, but a human cut some keys for me earlier this year at Home Depot. I guess I don't live in your jurisdiction. We also still have a few surviving smaller hardware stores around here, and they do their keys by hand as well.

Re:You must not live in my jurisdiction

[Cramer]

The mom-n-pop places likely still do it by hand -- and the keys they make are far more likely to work. But the mega-marts just don't want to have to pay people to do it -- and the people they have (had) doing it are complete crap at it.

sorry, can't fit Laxton in the joke...

"Savage Wang"
hee hee

3D Printing Hysteria

[Sperbels]

Can some explain to me why the only stories about 3D printing that make the news are ridiculously paranoid? Anyone can print out a secret key. Anyone can print out shitty plastic gun. What's next? Anyone can print out a bat'leth? Anyone can print out a plastic pressure cooker and make a plastic bomb? Anyone can print out plastic kiddie porn? Not one story discussing the incredible potential? Like, machines printing out copies of itself? Or the effects on a society and economy where any product can be downloaded and printed? None of that interesting stuff? Just the fear and paranoia stuff?

Re:3D Printing Hysteria

[mlts]

It is a new technology, and the first thing that happens are the fearmongers coming out. Next come the regulators because they want to enforce the status quo.

Same old thing, we had this with computers, we had this with the Internet. I wouldn't be surprised if there is a law or international treaty that gets passed forcing all 3D printer makers to have a DRM stack, or only allow signed files to be printed on the machines (with people having to send all stuff they want printed to a third party for "approval" and a certificate.)

Re:3D Printing Hysteria

[ebh]

Someone from Homeland Security will be with you shortly.

Re:3D Printing Hysteria

[msobkow]

Everyone can imagine the benefits.

But only the paranoid can fear the sky falling on their old business models and security through obscurity.

Re:3D Printing Hysteria

[Culture20]

You can 3D print a spatula. Nothing says "I love you" like the gift of a 3D printed spatula.

Re:3D Printing Hysteria

You can 3D print a spatula. Nothing says "I love you" like the gift of a 3D printed spatula.

Nothing says "I love you" like a plastic spatula that melts in the pan.

Re:3D Printing Hysteria

[jfengel]

Maybe this sounds weird, but this is actually a key question for me about 3D printing. Material matters at least as much as shape.

I cook a fair bit, and I know what I like in a spatula. I have several different kinds of spatula on hand for different purposes. They need the right amount of flexibility for the job. Some are very thin and stiff (but not brittle); others are thick and flexible. Some need to tolerate high heat; some need to be soft enough to avoid scratching Teflon.

That's just for spatulas, a pretty trivial tool. I'd imagine that more complex jobs require more complex combinations of materials. Shape is important, but I haven't seen any indication that they're getting anywhere close to being able to get a machine that does the things that rubber, metal, wood, and a vast array of different plastics yield.

Re:3D Printing Hysteria

[Full+of+shit]

plastic kiddie porn - protected free expression, iirc.

Re:3D Printing Hysteria

Furthermore, why does 3D printing have anything to do with this story? Because it's the only thing that makes it headline worthy. If the were able to make a CAD or solid model of the key, we have had technology to make it out of a hunk of steel, brass, aluminum, plastic, fiberglass or any other material for the past 100 years. It's called a Bridgeport Milling Machine and we have 20 at our plant! Can I get a front page article because we have the capabilities to mass produce them!!!! OH NOES!!!

Morons.

Re:3D Printing Hysteria

Engineers are designing these printers; the notion of mixing the ABS with plaster powder, wood fiber, or similar composites has not eluded them, but progress is slow, still...

Re:3D Printing Hysteria

[nurb432]

its all part of the plan to get 3D printers heavily regulated, if not outright banned.

3D printing represents freedom. Cant have that.

Re:3D Printing Hysteria

[bmo]

And we have this other lovely bit of paranoia.

its all part of the plan to get 3D printers heavily regulated, if not outright banned.

The AC above you mentioned Bridgeport milling machines. These have been around since before WWII (the first #1 was made in 1936). If you think 3D printing will be "heavily regulated, if not outright banned" why isn't it illegal to go and buy a used Bridgeport off of Ebay?

Take off the tinfoil. It's too tight.

--
BMO

Re:3D Printing Hysteria

[mdielmann]

It is a new technology, and the first thing that happens are the fearmongers coming out. Next come the regulators because they want to enforce the status quo.

Same old thing, we had this with computers, we had this with the Internet

It goes further back than that. I heard that there were some places that required a car to have people with warning flags walk in front of them so that horses and other people wouldn't be surprised or frightened. I'm sure there are examples going back to the first thing that looked like civilization.

Re:3D Printing Hysteria

Crossbows and Samurai-era Japan?

The key to it all

[Impy+the+Impiuos+Imp]

> printable keys, presumably with lookup tables

Stewie: (gets tired look on his face). Oh, here we go.

Why?

[sycodon]

Why would they do this?

Is there some cure to cancer behind a locked door that they think needs to be free? Perhaps some long lost formula for turning water into gas?

None of the reasons always offered up to justify breaking encryption applies here. How is it that civilization is made better by this?

Re:Why?

[serviscope_minor]

Why would they do this?

Why not? Why does anyone do anything?

Is there some cure to cancer behind a locked door that they think needs to be free? Perhaps some long lost formula for turning water into gas?

The answer is "no" in both cases.

None of the reasons always offered up to justify breaking encryption applies here. How is it that civilization is made better by this?

That's a really stupid comment IMNSHO because the reasons are exactly the same. They have highlighted a security flaw: one that could already be in use by nefarious sorts. Now, as always in these cases, people can choose to protect against it. That is always the reason for breaking encryption.

And one for question for you: why do you judge what others do with their time so readily? Why must everything be a "cure for cancer" or something like that. I doube everything you do is so worthwhile.

Re:Why?

[sycodon]

If this is a security flaw then so is a pair of bolt cutters.

And what I do is far more worth while then enabling yet a larger set of individuals to break into secure facilities. This whole idea that if you find a vulnerability, you should publish it, is complete bullshit pushed by childish morons with a very warped sense of morality.

Re:Why?

[serviscope_minor]

If this is a security flaw then so is a pair of bolt cutters.

Um yeah? If a seriously secure facility is vulnerable to bolt cutters then bolt cutters are indeed a security flaw.

And what I do is far more worth while then enabling yet a larger set of individuals to break into secure facilities.

Oh don't you pull the bait and switch on me sonny boy. You know very well that the original compairson was to "curing cancer". I very much doubt you do anything as worthy as "finding a cure to cancer". That's your measure of worth. Not mine.

This whole idea that if you find a vulnerability, you should publish it, is complete bullshit pushed by childish morons with a very warped sense of morality.

Classic invective as expeced from one who lacks a logical argument.

If you go back and read the thread there was at least one poster, modded +5 insightful no less who having not RTFA doubted that keys would be vulnerable to long range snooping. TFA proved him wrong. So clearly there are people with misconceptions who are could actually informed by such an article.

Your attitude does exactly what it claims the article does: by suppressing information on vulnerabilities, you leave the security flaws wide open for well informed criminals to exploit. Apparently criminals have few qualms about sharing "trade secrets", so your method ensures that only the criminals are well informed.

Re:Why?

[sycodon]

By revealing security flaws you expose what might have been concealed or even unnoticed.

And crimes are not all committed by well informed criminals exclusively. In fact, crimes of opportunity are most prevalent. So your attitude just makes it all the more likely that someone gets their hands on something they normally wouldn't have thought of getting in the first place or wouldn't have gone to the extra effort.

Hey everyone! Serviscope sets his gate's combination lock to 777. Go steal something from him so he knows his backyard is vulnerable!

Re:Why?

by suppressing information on vulnerabilities, you leave the security flaws wide open for well informed criminals to exploit.

Seriously, people who think like you should be beaten with a lead pipe.

Re:Why?

[serviscope_minor]

And crimes are not all committed by well informed criminals exclusively. In fact, crimes of opportunity are most prevalent.

And you think that the opportunistig criminals are going to buy a telescope and SLR mount, sniper spot some keys on a table, write some computer vision software to rectify the image and extract the cut, 3D print or CNC mill a new key then break in?

Serviscope sets his gate's combination lock to 777

Well, most people believe those licks to be substantially more secure than they really are. I used to do a lot of lab supervision where there were long gaps between being asked a question. I used to break the codes on the locks for the computers and monitors.

Turns out that someone utterly inskilled (me) could usually break one of those in under 10 minutes.

Most people figure they can be brute forced, but if asked believe it would take an hour or two. Tell them it's less than 10 minutes and they go buy another lock, not as you think, start stealing stuff from other people.

electronic doors still have traditional locks on

[Joe_Dragon]

In some buildings the electronic system is for that office only and the building maintenance people have the keys for the traditional locks also traditional locks are needed when power fails or the electronic system fails. Also in some buildings when the fire alarm goes off the electronic doors unlock.

Some buildings make so that only the building maintenance people can change light blubs.

Obsolescence?

[wideBlueSkies]

I for one would like to know when i can 3d print a buggy whip.

Re:Obsolescence?

[minstrelmike]

I for one would like to know when i can 3d print a buggy whip.

Sorry dude, you're too late. the last O/S to let you print buggy whips was Windows XP.
Oh wait, maybe you're not too late.

Re:Obsolescence?

[DMUTPeregrine]

Well, 3D printing the whole thing would be hard (very complex shape) but you could potentially print the stock core, and nylon is a popular material for whips. I doubt one could print paracord with current technology, but a spinning/braiding machine could be made to make the cords from nylon, then weave them into a whip. After all, the cords are braided to begin with. Strand drops would be an interesting problem to automate.

<shameless plug>I made a tutorial on nylon whipmaking, http://www.instructables.com/id/Making-a-Paracord-Whip/</shameless plug>

Obligatory

[moxley]

....I do not think Les Claypool appreciates this.

Yeah as a lay man I was not impressed by primus

[aepervius]

I mean, there was nothing in the key which looked that difficult to duplicate, contrary to those key as you showed. Or even the round key , which have pins on all direction , not only 2 axis but on 8 axis or more (I dunno if you know what type I mean, when you look along the axis they look like a star with 8 ray and along the axis the pins at at random position and random angle). I never found a locksmith which had the way to duplicate those despite wanting a second set of key. (maybe I should have asked a crook ;)).

Primus?

Primus Sucks!

Where's the code?

So, having read the fine article, where is the code? I didn't see any links to github or similar...

Universal lock pick

[192939495969798999]

In USA, you 3d print a custom key after months of work. In Soviet Russia, you just use a sledge hammer.

Re:Universal lock pick

In Soviet Russia, sledge hammers you

Fixed

a very big IF. Not Walmart blanks

[raymorris]

"If you have a blank" is a very big IF for the types of keys they are talking about. Wal-Mart doesn't sell sidecut blanks. Only locksmiths trust registered with the manufacturer can buy them.

99% of locks use the common keyways for which you can get generic key blanks. Those also have no effective key control - anyone can get copies made. In a high security environment you use high security locks with key control. The locksmiths who have access to the patented blanks will only duplicate a key after confirming with the registered contact person.

No security is perfect, but this system is alot more secure than just going to Wal-Mart. I worked as a locksmith for a little while. I've cut keys by hand. I can't do that with my office key. ( I work at a security aware agency). Being able to 3D print a key, or a blank, would be handy for me so I don't have to tell the security person that I lost my key AGAIN.

Re:a very big IF. Not Walmart blanks

[Jane+Q.+Public]

"If you have a blank" is a very big IF for the types of keys they are talking about. Wal-Mart doesn't sell sidecut blanks."

Hello??? Did you actually READ my last paragraph? Or even the rest of it? Quote myself:

"This sounds easy but in fact can be quite difficult..."

I know this, full well. And look at the CONTEXT also... the specific comment to which I was replying.

"99% of locks use the common keyways for which you can get generic key blanks."

I wrote this, too. Or at least, it is implicit in what I did write. And I at least mentioned the other things you talk about here. Go back and read it again... because apparently you didn't the first time.

Re:a very big IF. Not Walmart blanks

[ttucker]

No, you talked shit about how easy a hard thing was, and only later realized that you are full of shit.

Cutting a copy of a regular key that has an easy to obtain blank (and in fact nobody gives a crap why you did it) is nothing compared to copying a key on a manufacturer controlled blank that also has a security gimmick feature.

Re:a very big IF. Not Walmart blanks

[Jane+Q.+Public]

"No, you talked shit about how easy a hard thing was, and only later realized that you are full of shit."

Bullshit. Anybody with a high school education can read my words and see what I actually said. And it wasn't that.

"Cutting a copy of a regular key that has an easy to obtain blank (and in fact nobody gives a crap why you did it) is nothing compared to copying a key on a manufacturer controlled blank that also has a security gimmick feature."

No shit, Sherlock. Nowhere did I say anything that disagrees with that. Go back and read it again, or maybe get some lessons in reading comprehension.

I used to work as a locksmith and passed the certification exams. Have you done the same?

Re:a very big IF. Not Walmart blanks

[ttucker]

Yeah, you strongly implied someone was a moron for claiming that DND keys were hard to copy because by god you did it once (again, good for you). The only problem is that everyone else in the thread was talking about hard to obtain, source restricted blanks, and most certainly not the low security SC1 style key that you describe copying. Now you feel kinda silly, and have digressed to belittling peoples education and intelligence. Completely ignoring the context and content of your comments to feel correct should be embarrassing.

You literally said this:

The only thing the specific "high security" keys OP wrote about brought to the table is the difficulty of cutting a copy

It is not true, the Primus blanks are source controlled. At least admit to yourself that you were wrong, and move on.

Re:a very big IF. Not Walmart blanks

[Jane+Q.+Public]

"Yeah, you strongly implied someone was a moron for claiming that DND keys were hard to copy because by god you did it once"

Not even close. Someone said, quote:

"Before the printing game this worked 100%..."

And my reply was: nonsense, no it didn't. Because... it is nonsense, and no, it didn't. I didn't say or even imply anybody was a "moron". I simply stated that sentence was untrue. Because it is untrue.

It was nowhere near 100%. It is rather easy to do, *IF* (as I clearly stated before) you can get the right key blanks. And if you can't get the right ones, it is often not hard to modify another similar blank to fit. And I didn't just "do it once". I did it many times. But why and where are a discussion for another day.

"The only problem is that everyone else in the thread was talking about hard to obtain, source restricted blanks"

No, they weren't. Let's follow the ACTUAL thread I was replying to, eh?

1 I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

2 what the lock companies do is they patent the blanks.

that's why lock companies come up with a new scheme every so often. and to buy those blanks you need to sign a contract that you wont copy without permission of the lock owner.. which is hard to check anyways.

Note: this practice has been used for decades. And it HAS NOT resulted in "strictly controlled" key blanks, for the reasons I mentioned. True, keys like the ones OP discussed have been hard to obtain, but (again according to comment #1 above) those ARE NOT the ones under discussion here. Certainly not the ones I was discussing.

If that's what YOU meant, when you said "Before the printing game this worked 100%", you would still be wrong. Because those keys can be AND HAVE BEEN made on milling machines. There is no "100%" about it. Your statement was simply wrong. No 2 ways about it.

But back to MY comments: I was not discussing the kinds of keys in OP's post. I was responding to the context brought up by comments #1 and #2 only.

"Now you feel kinda silly, and have digressed to belittling peoples education and intelligence."

I don't feel silly at all, and I belittled nobody. You misunderstood me, plain and simple. Stop pointing fingers, and accept that YOU could be wrong. And here's a great example:

"The only thing the specific "high security" keys OP wrote about brought to the table is the difficulty of cutting a copy"

"It is not true, the Primus blanks are source controlled. At least admit to yourself that you were wrong, and move on."

It IS true, and you took that out of context. Here is the WHOLE statement:

"The only thing the specific "high security" keys OP wrote about brought to the table is the difficulty of cutting a copy. You aren't going to do it by hand with a file in a short period of time. But *IF* you had a blank, you could cut it with a milling machine or a drill press with a cutting head without too much trouble."

My comment was CLEARLY in the context of cutting one with a milling machine, NOT in the context of obtaining "controlled" blanks.

Learn to read, and get off my ass.

Re:a very big IF. Not Walmart blanks

[Jane+Q.+Public]

Correction: I mistyped. My comment was in the context of "IF you could obtain a controlled blank" (I didn't say it was easy), AND that you could cut the key with a milling machine.

What it did not say, though, was that you really don't need a blank. If you have a milling machine you don't NEED a blank; you can just build the whole thing from scratch (as I stated in the comment above).

Re:a very big IF. Not Walmart blanks

[torkus]

So yeah, the 100% was a bit tongue-in-cheek (really, nothing in life is 100% except death after all) but set the premise for the rest of the statement you ignored. With that said, the post titles were 'patented blanks' so obviously we're not talking about generic schlage or kwikset keys you can get at home depot. Congrats on being correct with an unrelated point. I grant you some arbitrary value of "win" and here is your cookie and gold star.

I was *actually* trying to point out that chinese knock-off blanks have basically invalidated controlled blanks as a security measure.

Re:a very big IF. Not Walmart blanks

[Jane+Q.+Public]

"With that said, the post titles were 'patented blanks' so obviously we're not talking about generic schlage or kwikset keys you can get at home depot. "

I repeat: the thread I was responding to (comment #1 I mentioned above) WAS very obviously talking about exactly that.

I had thought YOUR comment was also in that context. So part of the mixing-context blame might lie with me. But given that those earlier comments (1 & 2) were the context my comment was meant in, I still don't see where I wrote anything that was incorrect.

I am willing to chalk it up to a misunderstanding. But that's as far as I will go.

Re:a very big IF. Not Walmart blanks

[ttucker]

Are you attempting a buffer overflow on my brain? Good grief.

correct, Walmart doesn't have these blanks, or mac

[raymorris]

cracked the article is referring to restricted blanks. not available at Walmart or Home Depot. Those stores also do not have the special key cutting machine required to cut into the side of the key.

that's not how it works. recode the lock bitmask

[raymorris]

You don't have to replace all the keys.
If you're concerned, you replace one pin stack in xhe locks that key opens. You don't issue everyone identical keys. My key opens my office and the back door, only. The back door lock has a stack of pins that work as a bitmask, so many keys can open it and you can add or remove keys without necessarily affecting the others.

In re systems that use physical keys - key cards and key fobs are physical keys too. Key cards store their bit pattern in iron powder. "Regular" keys store their bit pattern in brass. There's no fundamental difference in security.

CNC Mill

[digitalsolo]

Not as convenient, but it's not as if this is new. I have easy access to a CNC mill. Pretty sure I can make any key that a key cutter can create, given the original (or very good pictures with something for size reference) and a small chunk of billet.

Re:CNC Mill

[Overzeetop]

Yes, but even in the very best/most efficient case, it will take more than $5 of machine time to create. It's the same argument with guns - anyone can make one with a basic set of shop machines. The key (if you'll excuse the pun) to 3D printers is that it's a trivial process which can be accomplished for very low cost. The barriers to entry are significantly reduced, and will only get lower as the cost of printers comes down.

Re:CNC Mill

[digitalsolo]

If programs can be sufficiently complex so as to create the program for the 3d printer to print the key with
If you have to create the 3d printer program, well that's not any easier than creating the CAD drawing for the CNC machine. I can build a CNC mini-mill for 1500 dollars, so they are cost competitive (in relation to this topic) with the 3d printers also. Side bonus: steel key is much more resilient than plastic.

Re:CNC Mill

[digitalsolo]

WTF, slashdot ate the top paragraph, sorry, let me try that again.

If a program can be sufficiently complex so as to create the program for the 3d printer to print the key with less than 5 dollars of effort, they could just as easily create tool paths for a CNC mill.

If you have to create the 3d printer program, well that's not any easier than creating the CAD drawing for the CNC machine. I can build a CNC mini-mill for 1500 dollars, so they are cost competitive (in relation to this topic) with the 3d printers also. Side bonus: steel key is much more resilient than plastic.

Re:CNC Mill

[couchslug]

You can also duplicate most modern firearms (if you don't have a needed tool, you can make that too), and your work can be as good or superior.

http://www.cncguns.com/downloads.html

Why isnt it illegal?

[nurb432]

At some point it will require a license to purchase and own machine tools too.

Re:Why isnt it illegal?

[bmo]

At some point it will require a license to purchase and own machine tools too.

Today I can go out and buy a used lathe and milling machine and manufacture everything from the keys mentioned in this article to fine quality guns that fire actual bullets much more reliably than you can get out of a Dimension 3D printer. Indeed, even before the existence of printers such as the Dimension printer and its kind, where was the outcry?

There is no licensing of machine tools because "how much do you want to cripple the economy" by putting up barriers to capital equipment?

You're nuts.

--
BMO

Re:Why isnt it illegal?

[nurb432]

You're nuts.

And you are clueless.

Pretty much any widespread lock can be picked

The question is how much time it takes. If you look in youtube, the primus one get picked in roughly 3 to 5 minutes.