But the way the lock described in that story works has some crucial differences from how a better-designed electronic key might work.
In the story you linked, the ten numbers are really only 5 buttons, meaning that from the very beginning you don’t have too many combinations to work with. Make the electronic key alpha-numeric, and you increase the number of possible combinations incredibly.
The keypad on that car requires exactly 5 numbers in the code. A better system would not only allow more digits, but would allow you to set the number yourself, like a password, again increasing the number of possible combinations.
The keypad on that car will open the door as soon as you press the five correct numbers in order, even if you have pressed 500 numbers beforehand. An improved system would require you to start over each time you try a new combination, eliminating the type of brute force hack used in that article. You would still be able to use brute force, but it would require many more keypresses.
Of course, one downside of allowing more complex electronic codes is that, like with computer passwords, people will probably end up choosing completely obvious codes, like “password” or “myinitials123” or something.
When I was in sixth grade I found a key in the school parking lot that was light blue and shiny… It had in very small raised letters (not stamped into it like someone might do for some sort of prank) “Master Key, all 1991 Ford F-150” or some such model… It might’ve been more specific, my memory is a little hazy on the details.
To this day I just don’t remember what happened to it. I was in 6th grade and should’ve handed it in to the police… I had no intention of using it for any reason… But I thought it was cool.
I’m pretty sure I put it on a keyring with other keys and lost it.
It has actually happened to me once with a standard 5-pin tumbler. We had a music practice space and, one caffeine-deprived morning, I slipped my key in, unlocked and opened the door, took the key out, and realized that I had opened the door with my apartment key. I looked closely at the keys and, sure enough, they were identical cuts. The apartment key worked in the practice space and vice versa. Hell of a coincidence, but it happens.
I do not know what car uses that type but my truck has one single button and billions of combinations and the combination changes every time. The system in that link looks like some toy thing or something like that.
go to any big hardware store and check out the deadbolt section, you will be able to find matching sets of locks so you can buy say 2 or 3 dead bolts so you only need one key for your house no matter what door you try to get in through…last time I did this there were only about 6 different locks to choose from in the type I looked at and it was a big name brand.
a friend of mine growing up had a garage door key that would open doors to at least 3 other houses we knew of.
once I wen to get in my car to leave and it was sitting there running, some chick got in and started it (evidently it was a bit hard to get the key to turn to start it) and when she tried to put it in gear she realized her car was an automatic…and the damn key wouldnt come out. it was a strange way to meet a cute girl.
at this point its still going to be to expensive to make each physical lock so unique that no one elses key would open your lock.
They sell the in sets especifically for that purpose. They also sell sets of padlocks keyed alike. All the padlocks on my boat use the same key.
i do not believe that for a second. If all they had was 6 types it was because all they had was 6 locks. I can guarantee you that any name brand which makes locks will make them in thousands of different combinations.
Not two weeks ago I was moving boxes to my friend’s car. She told me it was the first one in the lot. As I was moving the baby seats to make room for the boxes, I began to wonder why she had never told me that she had kids or did babysitting on the side.
Turns out her first car was from my perspective the last car. I had been moving someone else’s baby seats around. Not even the same car manufacturer either. I think she has a Land Rover and I unlocked a Jeep or something.
I’ve opened the wrong car door twice with my keys.
Once in high school I had my car keys ('85 Pontiac Firebird) in my pocket and put the key into a fellow students Pontiac Firebird and, voila, it opened. We were actually kidding before-hand saying, “I wonder what the odds are of my key opening your door?”
The other time was a few years ago when I came out of the barber shop, walked up to what I thought was my red Jetta, inserted the key and opened the door, but it felt strange, because as I looked up from the lock I clearly could see my Jetta a few spots over. The owner of the Jetta came over with a smile and in so many words said, “I’ve done the same thing”.
You’re right, it’s (number of positions)^(number of tumblers). Consider the degenerate case - 1 tumbler, 7 positions. Obviously there are 7 different possible keys. 1^7 = 1, incorrect, but 7^1 = 7, correct.
I’ve opened the wrong car door twice with my keys.
Once in high school I had my car keys ('85 Pontiac Firebird) in my pocket and put the key into a fellow students Pontiac Firebird and, voila, it opened. We were actually kidding before-hand saying, “I wonder what the odds are of my key opening your door?”
The other time was a few years ago when I came out of the barber shop, walked up to what I thought was my red Jetta, inserted the key and opened the door, but it felt strange, because as I looked up from the lock I clearly could see my Jetta a few spots over. The owner of the Jetta came over with a smile and in so many words said, “I’ve done the same thing”.
I was going to post pretty much what Critical1 said about the very limited offerings at big box hardware stores. Sure they can make a lot of combinations, but a given store will only stock a very small number of them. So if a builder is putting up some houses, there’s probably going to be some of them that have the same keysets. Food for thought about how much do you trust your subdivision neighbors.
As an ex-acquaintance of several car thieves in my misspent youth, I can add that certain keys were highly valued amongst them, for their ability to open the locks of any Ford car, up to a certain registration year.
That links to Left Lane news which explains little. As usual news articles are so badly done as to be worthless. One reporter will write an article saying electronic locks are 100% safe and the next reporter will say they are worthless crap, and both of them will use a few fancy words they do not understand but none of them will be able to give any sort of meaningful explanation.
It is possible that particular models have particular weaknesses but that is not inherent in the system. A wireless system can be made as safe as you like and virtually impossible to crack.
By the way, do they sell similar wireless controls for homes? Or maybe I could adapt one of a car.
It is possible (by a method I will not elucidate on but which can readily be found elsewhere) on most spin dial combination padlocks to read the last number in the combo, and often the middle number as well, and since even well built consumer combopads (Master, Abus) the error range is +/- one digit, you have only about a few dozen combinations to try. Cable dial combo locks are even worse; with a little practice it is possible to read the combo in under twenty seconds and walk away with a bike.
With regard to pin tumbler locks, most common locks have only five or six tumblers, and four or five height settings, which gives between 1024 and 7776 possible combinations not including the mechanical limitations previously indicated by Chronos. (The variation in height settings are created by using different combinations of key and driver pins to provide a shear line; see the Wikipedia article on the topic.) In addition, many pin tumbler locks for commercial buildings and apartments are master keyed (meaning they have two sets of key tumblers) which creates additional shear lines; such locks are typically easier to pick. The use of all-out tumblers, alignment sensitive (mushroom) tumblers, and a second line of internal tumblers is intended to make bypassing the lock mechanism more complex, but none of these means is foolproof or ensures that keying is unique.
However, the concern about having unique key combinations is rather a minor issue; the number of combinations virtually ensures that no casual user will have a similar key (stories about car makes sharing a small number of combinations aside), but it is typically easier to bypass the lock by some means other than picking the tumblers, especially in pursuit of nefarious purposes where damage to the lock or other entry points is immaterial. Most padlocks can be readily bypassed by a shimming attack on the shackle, and that assumes that the hasp itself is secure from attack. Most houses are far more vulnerable to entry via window or glass door than a frontal attack on a door lock. So trying to make locks unique in combination is not only futile, but pointless from a security aspect as well.
Mechanical locks should really be considered an anachronism at this point; it is relatively simple to make an inexpensive, self-contained locking system using an encrypted electronic handshake that is unique and essentially mathematically unbreakable. However, the desire to have a purely mechanical system is entrenched in both the lock manufacturing industry and the public at large.
Pin length is not the only variable for keyways. You also have the “left”, “center”, and “right” options for each cut. Medeco locks throw in a fourth option which makes the lock virtually unpickable.
Oddly that article says, " It’s far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff." But defeating an attempt to capture a single code and replay it is exactly what these devices are good at, even though they could be cracked by more sophisticated means. Does the author know what he’s talking about?
Exactly, most news articles are written by people who are woefully ignorant of the topic. Capturing a code gains you nothing because each code is used once and then discarded. A new code is required each time.
That’s not completely true. Capturing the code may give you information as to where in the sequence the pseudo-random number generator is. Also, there are possible vulnerabilities due to the necessity to account for the transmitter and receiver getting out of sync (what happens if you press the transmitter button when you are too far away for the receiver to detect it?)