
The Document Which Used to Be Called the MIT Lockpicking Guide (1992) - Tomte
http://www.blurofinsanity.com/mit/lockpick.html
======
bb88
These days I'm enjoying viewing the lock lab you tube channel. It's a pretty
insightful guide into what makes a good lock, and the style of locks to avoid
if you truly want security.

[http://lock-lab.com/](http://lock-lab.com/)

~~~
droopyEyelids
Not trying to be a dick here, but for all of us that aren't responsible for
institutional access control (frequent key changes, master systems) the lock
is not the weak link in your physical security and you're wasting effort and
money worrying about it.

If you are concerned about physical security, check door frames, windows, and
thresholds (especially when lever locks are used). Crime doesn't happen
because people pick locks.

~~~
speeder
You need to check walls too...

I live in a third world country, security is very important, my house got
people jumping inside at least 7 or 8 times, that we know... maybe it was more
and we failed to notice.

One year, while my family was out in a christmas trip, they decided to use the
opportunity to actually get inside the house.

The thing is, beside tall walls, dogs, electric, spears and razorwire, we also
had solid brick walls, steel window frames with grates, steel windows, and all
doors to the outside were two doors in the same frame, the internal one made
of solid wood, and external one made of steel, frames also made of steel.

The thieves instead just made a gigantic hole in our wall, until it was big
enough to use power tools or something, then they destroyed the frame around
the door locks (all our external-facing doors, both wood and steel, have 3
locks).

So, the weakpoint was bad quality bricks, we alter tested and found out our
bricks were so shitty that hitting them with a crowbar made them mostly
instantly crumble, the guys probably did zero effort to destroy our wall,
probably if they had the time it would been easier to make a door-shaped hole
in our wall instead of cutting the steel frame.

~~~
aedron
My security strategy for our home is simple: Motion detectors and a bunch of
huge freaking sirens. If someone enters when the system is on, the sirens will
go off so loud that it is physically difficult to stay in the house. And of
course thieves will need to worry about neighbors being alerted to the noise.

(It also sends out SMSes, but I rely completely on it running off intruders
well before they get to steal anything or anyone has to intervene.)

~~~
seppin
your neighbors hate you

------
germinalphrase
I remember stumbling on this when I was 12 or 13 and thinking it was _super
secret knowledge_ that only locksmiths and spies could obtain.

It was a silly thing, really - but it did fuel my interest in picking apart
how things work in a more detailed fashion.

~~~
coconut_crab
Ditto. Back then my parent often locked the room with the computer so that I
could 'focus' on my study instead. And this guide helped my learning about
pascal, C and then x86 assembly (when my father got so frustrated he took out
the HDD and I have to run MenuetOS instead).

I think the section about Zen and Analytic thinking helps shaped my way of
thinking. Before that I just charged blindly into problems, only to get stuck
somewhere. But after reading the guide, I often stop for a while, thinking
'why doesn't this work?' and try to figure out how, back gathering all the
evidences and make a mental model of it in my brain. Interestingly it is quite
useful for programming too.

------
nnfy

      The only way to learn how to recignize and exploit the defects in a lock is to practive. This means practiving many times on the saem lock as well as practiving on many different locks.
    

Not quite related, but is there a reason that practice is consistently
misspelled? Perhaps some interesting lore?

~~~
LeifCarrotson
It's been transcribed automatically to HTML from a PDF document which was
typeset using LaTeX. The original document does not contain these errors:

[https://i.imgur.com/WSXKAdE.png](https://i.imgur.com/WSXKAdE.png)

The errors are an artifact of the lossy process which goes from the actual
text content, to semantic LaTeX source, to PDF (designed for print
reproduction, not content portability), and back to HTML. This last step might
even be using OCR.

But the errors may be present even without invoking OCR - I often find that I
can't copy text from a PDF generated by my professors' TeX toolchains because
the various ligatures, kerning, and other subtle effects that Tex produces
from letter to letter mangle the paste buffer. Also, while the default font
(Computer Modern) looks fantastic and very professional when rendered
correctly, and looks even better with TeX typesetting adjustments, many PDFs
are generated with bitmap fonts and then rendered on systems which attempt to
perform or remove anti-aliasing, DPI scaling, smoothing, and other effects.
You can see some of this in the above document.

~~~
ska
PDF is a terminal format, so this isn't really avoidable in all cases.

If you want HTML, usually much better off to use latex->html tooling.

~~~
LeifCarrotson
If you have the source, it's obviously better to use `hlatex`.

But PDF is only _intended_ to be a terminal format. In the real world, though,
it's very common for the 'terminal format' \- whether a binary executable or a
PDF - to be the only format available.

It would be very useful if the toolchains used to produce PDFs - whether
`latex`->`dvips`->`ps2pdf` or `pdflatex`, or any of the other possibilities in
the extremely complicated TeX ecosystem - did a better job of maintaining the
semantic and raw-text content of the source.

I would happily increase the size of all my PDFs by a couple percent if it
meant I could better extract the contents in the future. I do realize that
when you multiply this few percent by many gigabytes of PDFs on archive sites
and across many uploads and downloads, it becomes more important, but I would
assert that it increases the value of those PDFs by more than it costs.

~~~
tekromancr
I wonder if you could include the latex source as an unreferenced stream in
the pdf document. If there was a standard around this, we could have tools to
convert compatible pdf documents into whatever format easily.

~~~
Moru
Libreoffice can do this so I guess Latex would be able to do that too.

------
huac
Some context: [http://web.mit.edu/afs/sipb/project/www/stock-
answers/lockpi...](http://web.mit.edu/afs/sipb/project/www/stock-
answers/lockpicking-guide)

------
746F7475
Well, just incase someone wants to actual PDF: [http://www.lysator.liu.se/mit-
guide/MITLockGuide.pdf](http://www.lysator.liu.se/mit-guide/MITLockGuide.pdf)

~~~
tbirrell
This should have been the OP link. So much easier to read.

------
supergreg
I have a transparent lock in my desk, great fun for people to try opening and
teaches about how secure standard locks actually are.

------
giardini
While we're on the topic of locks, can anyone recommend a good gym locker lock
that isn't easily broken/hacked?

I've had MasterLock key locks, brass, steel plate, and combination locks and
mini-key locks. All have been broken into and money & goods stolen. No cutters
were used, they simply forced the locks.

I now carry everything with me currently and don't use a locker, which is a
PITA.

~~~
logfromblammo
Use the most commonly used lock on the outside of the locker. You don't want
your locker to stand out. Shrouded padlocks are more secure, but they also
tell potential thieves that your locker may actually be worth breaking into.
In any case, the gym management often restricts your choice, because they need
to be able to cut locks off.

I'd save the serious security for the inside of the locker. Get a locking hard
case designed for handguns, with a cable lock slot built in, and use a cable
lock to secure it to the inside of the locker. Put your valuables in it and
pile your clothes on top.

Consider changing to a gym that has separate locker and changing areas, so
that cameras can be used to detect locker break-ins and catch the culprits.
The individual padlock is, at best, a delaying tactic, which is useless if
someone has unlimited time in which to break security. If someone is in my
locker room popping locks with a shim, I want someone to notice that and
detain them, or at least identify them from the video footage.

~~~
dpark
Someone capable of cutting a padlock can definitely cut a cable lock, so I'm
not sure who you're going to deter this way. You will, however, increase your
loss if they take your gun case.

I think it's a fallacy that using a better lock makes you a bigger target. In
a gym, thieves are looking for the same thing in every locker: money and
jewelry. A better lock doesn't indicate that the Hope diamond is inside. It
indicates that it's going to be harder to steal the $50 from the wallet
inside.

~~~
ptaipale
I guess the idea of a cable lock here is to use it so that it attaches the
bottom or backside of the hard case to the inside of the locker, so that the
cable lock is only accessible from inside the hard case. This is, after all,
how safes are attached to floors and/or walls.

Then, the thief would have to destroy either the hard case, or the whole
locker. That would be slow and noisy. It's not impossible but deters intruders
who will simply perform a cost-benefit analysis and move on (but will surely
destroy your clothes in revenge).

~~~
jacquesm
> but will surely destroy your clothes in revenge

In revenge for what? Interesting psychology.

~~~
ptaipale
Indeed. But it seems to be what burglars often do: if they are frustrated by
security, they do some vandalism.

------
metaphor
For anyone remotely interested in locks for shits and giggles, I highly
recommend Tobias as reference[1] for your personal library...and purchase
every type of lock you can get your hands on for practice.

[1] [https://www.amazon.com/Locks-Safes-Security-International-
Re...](https://www.amazon.com/Locks-Safes-Security-International-
Reference/dp/0398070792)

~~~
ossmaster
I think this book is a little past the shits and giggles horizon. I do own a
copy of it. It's amazing how detailed Tobias is. He is still doing work today.
Follow his YouTube channel.
[https://www.youtube.com/user/mwtobias](https://www.youtube.com/user/mwtobias)

------
BorisMelnik
very cool, I remember reading this in 96/97\. It is a real fun and inexpensive
hobby and a fun challenge.

~~~
nkrisc
Inexpensive indeed. When I was in high school I made my own lock picking set.
For the tension wrench I used a nail I bent into shape and hammered the end
flat until it would fit most locks. I then made a set of picks in different
shapes from thick paper clips that I then hammered flat so they would hold
their shape.

I used to practice on my dad's file cabinet and the crappy lock they made us
use for our lockers in gym class. They were so incredibly easy to pick, I
wonder if it had anything to do with stuff going missing even from locked
lockers?

~~~
germinalphrase
I also made my own, but used street sweeper bristles. They are a nice springy
steel and about the same thickness as commercial lock picks. They are also
made of a soft enough metal that they can be easily shaped using common needle
files.

~~~
SAI_Peregrinus
I made mine from hacksaw blades. That required annealing the steel, then re-
hardening and tempering it. A small butane torch provided plenty of heat since
the steel is so thin.

------
pmoriarty
Anyone interested in this would do well to check out a TOOOL chapter in their
area.[1]

[1] -
[https://en.wikipedia.org/wiki/The_Open_Organisation_Of_Lockp...](https://en.wikipedia.org/wiki/The_Open_Organisation_Of_Lockpickers)

------
OzLockCon
For anyone interested in practicing these skills or learning more about
physical security. [https://ozlockcon.com](https://ozlockcon.com) is happening
in Australia in June this year.

------
ossmaster
Anyone in Atlanta that needs a good locksmith give Open Sesame a call.
[https://www.atlantacarlocksmith.com](https://www.atlantacarlocksmith.com)

~~~
ossmaster
Also disclaimer I own this company. I think it's awesome that tech people
gravitate toward locks so much. It really is an interesting trade that
somewhat maps to programming. At least in the sense of requiring lots of
concentration and the ability to push through struggle and learning curves. I
will say also once you get good at picking locks it's very satisfying to be
able to get into anything.

------
collyw
I think this was one of the first things I found on the web back in ~1994.
Super cool. I managed to pick a couple of locks in my apartment and haven't
had the need to do it since then. Cool to know about though.

------
alpb
off-topic: I can't help but click to his Home Page link:
[http://www.blurofinsanity.com/homeofinsanity02.html#Anchor-2...](http://www.blurofinsanity.com/homeofinsanity02.html#Anchor-27505)

------
mirimir
I don't see bumping ;)

------
FiloSottile
This link is censored in the U.K.

EE says something about it being locked, while Three sends you to a page with
503 in the URL, and this text:

    
    
        Oops!
        Sorry, there is a slight technical glitch.
        Please reboot your device to reconnect to the services.
        Sorry for the inconvenience.
    

Other sites like torproject.org are behind the porn filter which require you
to go to a store with ID to lift it.

I don't know why I still let my connections exit in the U.K., or live here
really.

~~~
DanBC
> This link is censored in the U.K.

By your ISPs, not by all of them. This link isn't blocked by eg TalkTalk.

> the porn filter

There is not "a porn filter". Each ISP has their own filters which are
optional for the customer. Change your settings and stop spreading fud.

~~~
FiloSottile
By at least two ISPs (out of two I checked), but there are sites that track
this.

And this block has no opt-out, while the "porn filter" one requires you to be
over 18, so how would you call it?

Also because the political rethoric around it is quite precisely "protect the
children"...

------
dang
Once every 3 years is ok:

[https://hn.algolia.com/?query=mit%20lockpicking%20points%3E3...](https://hn.algolia.com/?query=mit%20lockpicking%20points%3E30&sort=byDate&dateRange=all&type=story&storyText=false&prefix&page=0)

------
shocks
Bullshit. I'm on Three and the link works fine.

~~~
to3m
I'm sure you could come up with a more charitable response than that.

~~~
teddyuk
Bullshit. I'm on three and it is much cheaper than whatever your on.

:) there you go

------
guest
This is actually a summary of the original document
[http://www.sparknotes.com/poetry/rapeofthelock/characters.ht...](http://www.sparknotes.com/poetry/rapeofthelock/characters.html)

