Home > Uncategorized > Housekeys

Housekeys

December 9, 2015

Yesterday found me in the local hardware store, getting electrical conduit pipes cut to size for curtain rods. I’ve been hard at work at a super long curtain project at home, and I’ve had to revisit both curtain rods and curtain brackets; turns out that store-bought curtain rods are simply not strong enough to hold my burly, blackout-lined, homemade curtains. It’s more or less a point of pride for me. I’m even learning to sew kind of straight, also something I’m proud of.

Anyhoo, since I was there anyway, I asked the guy to copy my house keys 5 times each. I do this once or twice a year since my teenagers have a tendency to lose them at a pretty consistent rate and I was down to 4 sets. But at the same time, I was going home to wait for all my pipes to be chopped, so I needed to take my keys with me. The long and the short of the story is I told the guy working there, Daniel, that I’d wait for him to make a first set of house keys.

Then Daniel said the magic words: oh, don’t worry, I’ll just quickly write down the codes for the keys and I’ll give them back to you.

What? Keys have embedded codes? I had no idea. I thought they duplicated keys by shaving one key to look just like another. And yes, I was worried that after many many copies, my house keys would stop working, since in each round the approximation to the truth would get slightly worse.

But the system is much better than this. I can even explain how it works, thanks to Daniel’s patience. And, I should say, I have what’s known as a “Medeco” brand key, which is probably different from other brands. Daniel’s machine was fitted to cut more than one brand.

Also, it turns out there is more than one style of Medeco key. My housekeys had 6 “pins,” which is to say 6 parts to their code.

Medeco 5 and 6 pin keys

The key on top is 5 pin, the one on the bottom is 6 pin. If you count the number of valleys between bumps you can see the difference.

OK so basically what this means is that there are 6 decisions to make when you cut my housekey. They correspond to 6 cuts, which look like little valleys when you’re done.

There are two dimensions on each cut; the first is easy to see in the above picture, namely the depth of the cut. There’s a little mechanism that Daniel uses to measure the depth of each cut, and there end up being 6 levels.

Next, you can’t tell by looking at this picture, but Medeco keys also have an angle for each cut. There are three possibilities for the angle: center, left, or right (CLR).

Putting those two together, my apartment doorkey’s code ended up looking something like:

 1C 3L 3R 4C 2L 5C

Pretty cool, right? And my building doorkey had a similar code. And now take a look at this video to see how they actually work:

Now you can take a look at your housekey and see if you can write down its code. It might have 5 pins instead of 6, and if it’s not a Medeco key it might not have angled cuts.

So, two things. First, if you think about it, this means there are 18 choices for each cut, because 6 depth levels and 3 angles, and therefore there are 18**6  = 34 million different codes altogether, which makes me feel safe.

But second, it made me wonder how master keys work. I mean, right? I know that keys have to line up pins in a certain way to open the lock, so how could two different codes work for the same lock?

To be more precise, the pins are not solid: they are columns of metal that have slices through them. When all the pins’ slices are lined up, you can turn the key and open the lock.

Well, it turns out that a master key system will have pins that have more than one slice. That means that two (actually, 2**6 = 64) different codes will work on the same lock.

Just in case you’re wondering about security, you should be. Here’s a video in which it is explained how, just using one lock and one key but knowing it’s a master key system, you can narrow the possibilities for that master key way down:

Even so, this is not a Medeco key, and angles of cuts are not discussed.

I know Medeco offers master key systems, because I found that information in their catalog. I’m left wondering if Medeco master key systems have to share angles, in which case it wouldn’t be that hard to derive a Medeco master key either. So I’m ending up feel a bit less safe after all.

Categories: Uncategorized
  1. December 9, 2015 at 7:38 am

    I’d always been told that the extra degree of freedom on Medeco locks made them impossible to pick, or at least essentially impossible.

    The door to get out on MIT”s great dome was protected with a Medeco lock which made it really hard for anyone (like curious students) to get out on the roof. To solve this problem, someone scaled the outside of the dome, drilled out the lock, and removed all but the first pin.

    So, looking from the inside it appeared that the lock had not been tampered with. However, since all you had to do to pick this lock was get one pin aligned, the lock was now actaully really easy to pick. If you knew how to get to the door, you could get out on the dome.

    It was a cool little secret until one of the hacking groups put a model of one of the campus police cars on top of the dome in 1994:

    http://hacks.mit.edu/Hacks/by_year/1994/cp_car/

    After that hack the lock (and also the library security) was changed and it was significantly more difficult to get out on the roof of the great dome.

    Like

  2. December 9, 2015 at 8:12 am

    Back in my high school days I learned how to pick most locks, an art that was passed down to me from my older schoolmates. Suffice it to say that a master key was NOT needed. A collection of about a dozen keys from any brand was sufficient to pick almost any lock. The two ingredients were keys and dexterity. As I matured, I stopped picking locks but would use the skills acquired only in cases of emergency, although my dexterity had waned somewhat.

    Lo and behold, years later Matt Blaze at AT&T Labs wrote a paper about mechanical pin tumbler locks which might be worth reading.

    http://www.crypto.com/papers/mk.pdf

    Mul-T-Locks are a bigger challenge, but even they can be picked. And a thief could often just break a window to enter if the lock is a challenge.

    Like

  3. December 9, 2015 at 8:25 am

    And with that the Chain of Trust gets n+1 links longer.

    JamesNT

    Like

  4. mathematrucker
    December 9, 2015 at 9:42 am

    After paying a dealership something like $130 to replace a programmable Ford car key I discovered that new uncut ones only cost about $10-$12 on Amazon and the local locksmith here only charges about $4 to cut them. Furthermore they are user-programmable if you have two working keys. So it behooves Ford (and maybe other) owners to invest about $15 in a third key and always keep three working keys. (This may only work for pre-2012 models…I just noticed something online about laser-cut keys that might change the equation for 2012 and later.)

    Like

  5. December 9, 2015 at 10:01 am

    I probably missed a key sentence (no pun intended), but is it really safe for you to post a picture of those two keys? Or is it that they’re not the keys to your apartment?

    Like

    • December 9, 2015 at 10:03 am

      Haha, definitely not my keys!! But yeah, that would be very stupid.

      Like

  6. Whomever
    December 9, 2015 at 7:41 pm

    The bad security characteristics around locks are well known (eg, that they are pickable, people can reproduce them based on markings, etc) but no one cares that much because in practice no one in the real world actually picks locks because there’s almost always an easier way to break into somewhere.

    Like

  7. michaelkleber
    December 9, 2015 at 10:13 pm

    There are actually two different ways for master key systems to work: the one you describe here, and one where there are two entirely separate cylinders, one turned by the per-lock key and the other turned by the master key, with no overlap in the pin positions. The latter system foils the attack you mention, but of course is more expensive to manufacture.

    Locksmiths, who still live by security-through-obscurity, get very grumpy when people talk openly about what used to be trade secrets.

    Like

  8. December 10, 2015 at 10:40 pm

    Just in case you haven’t already encountered Matt Blaze on locks and masterkeying;
    http://www.crypto.com/papers/

    Like

  1. No trackbacks yet.
Comments are closed.
%d bloggers like this: