Master Keying Tutorial-old

Brian Rhodes
Sep 14, 2017
IPVMU Certified
Mechanical keys are the most fundamental, albeit unsophisticated, form of access control. Like access control, Master Keying allows large scale use by segmenting access. But unlike access control, it ...

Undisclosed #1
Sep 14, 2017
IPVMU Certified

One of the biggest weaknesses of a master key system is a high level key, like a Master, Grandmaster, or even Great Grandmaster key being lost or stolen. 

It may be easier to steal one of the campus locks than the Great Grandmaster key.

If a door gets stolen, are all other locks replaced?

Brian Karas
Sep 14, 2017
IPVM

I think you would likely need to steal at least 2 or 3 doors/locks from different areas in order to ensure you had enough random examples to ensure you were truly creating a Great Grandmaster key. Or, you would need a Patron Key, and some knowledge of the number of Masters/Submasters/Grandmasters to assure that you were using the proper shear lines to create your Grandmaster key.

Related, I have heard stories of building managers that were sloppy with allowing tenants to "borrow" a master key to unlock an office for an employee who was out of town, and then that master key being photocopied so that a rogue master key could be manually created.

Also-related, having a master/multi-master key setup can make it easier to pick locks, as you have more valid shear-line options. They can also make it harder to implement anti-picking technologies like mushroom pins.

Master keys are a convenient system, but I do not think building managers properly recognize how they open up new exploits.

Undisclosed #1
Sep 14, 2017
IPVMU Certified

Or, you would need a Patron Key, and some knowledge of the number of Masters/Submasters/Grandmasters to assure that you were using the proper shear lines to create your Grandmaster key.

Good point.  For a single master system, you could make 64 keys I suppose.  Maybe the shear-lines corresponding to the patron key pattern would show more wear?

Does that mean that the number of possible valid keys in a given Grandmaster/Master lock is close to a thousand?

 

Brian Rhodes
Sep 14, 2017
IPVMU Certified

Does that mean that the number of possible valid keys in a given Grandmaster/Master lock is close to a thousand?

It depends on the number of pins in a lock and the number of shear lines in the pins.

In some systems, only one or two pin stacks include multiple shear lines.
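
The arithmetic behind the 64 and "close to a thousand" figures in this exchange, as an added example that is not part of the original posts. It assumes a simplified model in which each master wafer adds one shear line to its chamber; the pinning values and function names are constructed for illustration.

```python
from itertools import product

def shear_depths(bottom_pin, master_wafers):
    """Cut depths at which one pin stack separates at the shear line.

    The bottom pin gives one depth; each master wafer stacked on top
    of it adds one more (simplified model, tolerances ignored).
    """
    depths, total = [bottom_pin], bottom_pin
    for wafer in master_wafers:
        total += wafer
        depths.append(total)
    return depths

def operating_keys(cylinder):
    """Every bitting (one depth per chamber) that turns the cylinder."""
    return set(product(*(shear_depths(b, w) for b, w in cylinder)))

def incidental_keys(cylinder, issued):
    """Bittings that operate the cylinder but were never issued."""
    return operating_keys(cylinder) - set(issued)

# Constructed 6-pin cylinders: (bottom pin depth, [master wafer sizes]).
# Every chamber mastered once: two shear lines per chamber.
SINGLE_MASTER = [(1, [2]), (2, [2]), (3, [2]), (1, [4]), (2, [2]), (4, [2])]
# Every chamber mastered twice (master + grandmaster): three shear lines.
GRAND_MASTER = [(1, [2, 2]), (2, [2, 2]), (3, [2, 2]),
                (1, [2, 2]), (2, [2, 2]), (1, [2, 4])]
# Only the last two chambers carry a wafer, as in the reply above.
TWO_CHAMBERS = [(3, []), (4, []), (5, []), (5, []), (2, [2]), (4, [2])]

if __name__ == "__main__":
    for name, cyl in [("single master, all chambers", SINGLE_MASTER),
                      ("grandmaster, all chambers", GRAND_MASTER),
                      ("master in two chambers only", TWO_CHAMBERS)]:
        print(f"{name}: {len(operating_keys(cyl))} operating bittings")
    issued = [(3, 4, 5, 5, 2, 4), (3, 4, 5, 5, 4, 6)]  # change key, master key
    print("unissued keys that still operate:",
          sorted(incidental_keys(TWO_CHAMBERS, issued)))
```

Confining the wafers to two chambers leaves 4 operating bittings instead of 64, so only 2 unissued keys work rather than 62.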

Dan Droker
Sep 15, 2017
LONG Building Technologies • IPVMU Certified

Also, supersets of keyways can be used to provide greater numbers of possible locks. The same change key bittings can be used for multiple doors if they have different keyways, and the master key can access them all.

Keyway Chart

Undisclosed #1
Sep 16, 2017
IPVMU Certified

How many different keyways are possible?

Undisclosed End User #2
Sep 14, 2017

Bump key is the true master key, more than 10 years old...

One of many demos here: 

Brian Rhodes
Sep 14, 2017
IPVMU Certified

It's true that Bump Keys are a big risk, especially for lower end commercial and residential locks. (See: Bump Key Crisis - What Are You Doing About It?)

Just like a lock that claims to be 'unpickable', any lock that claims to be 'unbumpable' is asking for it!  Given enough time and commercial exposure, someone is going to find a twist on the method that works.

However, there are 'bump key protections' that can be adopted to minimize the risk.

Restricting the easy availability of uncut key blanks is one, i.e. Low Tech Access Control: Restricted Keyways.  It does not take a genius to modify a metal strip to fit a lock profile, but it could add time and difficulty for sure.

Second, there are pins shaped with tapers or gaps or bevels, or that are offset in the lock body, so that linear, sharp, bumping force just rattles the pins but does not substantially move them.  

In other cases, pins are not used at all, but wafers, i.e. Kwikset Smartkey (which has its own problems unrelated to bumping).

In any case, if the locks keep the bad guys out, they might just use sledgehammers and axes. Security should never settle only on just one layer to be effective!

Undisclosed End User #2
Sep 14, 2017

Brian, nothing is "secure"...

I remember way back when I locked myself out of my own vehicle's trunk, I simply took a wrench and twisted the lock - without any key inside, and I created new "shear lines" by small force. It's simply small crappy brass things in the locks...

Brian Rhodes
Sep 14, 2017
IPVMU Certified

 nothing is "secure"...

Nominee for 'deepest post of the year'!

Undisclosed End User #2
Sep 14, 2017

bah, nothing new with that saying, and it's way older than me...

Undisclosed #1
Sep 14, 2017
IPVMU Certified

- without any key inside, and I created new "shear lines" by small force.

If you had put a key inside first you could have created a master key for the trunk.

 

Michael Gonzalez
Sep 14, 2017
Confidential

Great article guys!

Undisclosed Manufacturer #3
Sep 16, 2017

It does not really matter if you use "analog" or "digital" locks, all have their issues. Locks are useful to slow a bad guy down, but if a lock is your single line of defence, then you already lost the game.

What you need are additional defense lines. One Stoneage-LowTech-Solution still works well these days: Dogs. If you compare the "maintenance cost" of dogs with a fancy lock system, the TCO is quite interesting ☺️

Oh, maybe thinking about cameras might be a good idea too! 

Undisclosed #1
Sep 16, 2017
IPVMU Certified

Dogs.

Unlike keys, for dogs a master is essential.

Undisclosed Manufacturer #4
Oct 14, 2017

I think a dog might be defeated by a "bump hamburger".
