Re: Generating code numbers for padlock keys

"Joe Kesselman (yclept Keshlam)" snipped-for-privacy@attglobal.net wrote in news:3ef4dd79 snipped-for-privacy@news1.prserv.net:
AFAIK, locksmiths don't really do automotive work, although they also won't admit to that. AAA controls the lock-out segment and only body shops can handle the needs for repair after break-ins and thefts. My car was stolen a few years back by the standard technique of knocking the cylinder out of the steering column, and I learned that the job was beyond the abilities of a locksmith.
I'd suggest dropping by your dealership to pick up an auto cylinder, as they've got some interesting security features. Even though it's just a wafer lock (is that what some smiths call disk-tumbler?) which should mean that you can pick it virtually instantaneously, it's a lot harder than that.
Toyota has added two mechanical barriers to inhibit picking, a fixed one about halfway down the row of wafers and a spring-loaded one at the mouth of the keyway. Between those two, I couldn't make any headway at all and haven't had any new ideas for work-arounds since I originally had the idea, which was years ago.
I've never been convincingly informed that they can be picked, and it would be nice to know if the man exists who can do it reliably and consistently, or if that system is still basically undefeated.
I was wondering if the smithing trade had journals of new developments. Care to share the names with me? I think that it's a safe that they won't be in any of the local libraries.
Up here, a DBA number is only $10 for 5 years, which makes it a huge bargain. But I think the only reason why you really need it is for taxes, which is an issue if you're really going to do business.
What exactly does bonding entail, and was I right about the part where you either sign or swear to an oath?
My definition of "locksmith" is a guy who owns the training manuals and has studied them in sufficient depth to be employable by a shop owner, should he happen to have taken out a want ad that month, and who has free access to the critical pieces of equipment, like the code books and the good cutting machines, but not the sad duplicating machines in the hardware stores.
Did I leave anything out?

"Joe Kesselman (yclept Keshlam)" snipped-for-privacy@attglobal.net wrote in news:3ef4dac9 snipped-for-privacy@news1.prserv.net:
I *was* a hacker when I was at MIT, but IMHO that pastime only exists within the Institute (and perhaps Caltech).
"Hacking" has become an horrifically obsolete misnomer, since the word is generally accepted by everybody except MIT insiders, including the press, public and probably even Webster's, as computer trespassing. In the outside world, trespassing with lock picks already has a name, breaking and entering, and the penalty is three to five in the state pen.
What years were you at the Institute?
Ever hear of a guy named Mark Taylor? He's a perfect case in point of why you should keep your nose clean.
And I'll be the first to admit that I make mistakes. There was a time when I got my ass in trouble and decided that it made more sense to go straight, and just not expose myself to the things that screwing up my life. The big hassle was that the knuckleheads in my hacking club wouldn't frickin' leave me alone, because they saw me pick some locks that other people had trouble with. Sure, I could do it ok in the confines of a nice safe dorm room, but every time I tried to pull a hack, something would go wrong. They kept on me to get back into the game, even though I knew that I'd just get in trouble again.
All this is why I point out loudly and frequently to everyone who seems concerned that I'll swear any oath you ask not to use my skills for clandestine, surreptitious or criminal purposes. And the repetition has the added benefit that it keeps reminding me that I'm not in it for anything but the satisfaction of solving puzzles.
Did you ever hear the story of the night Jim Steranko decided to go straight?
Which is why I've sworn off clandestine field-work. After you've left the benign shelter of the 'Tute, you're no longer playing an elaborate game of tag with friendly rent-a-cops called CP's. You have to assume that real cops aren't forgiving in any way shape or form, because if you get into a situation where you have to find out, there's far too much at stake for you to be wrong.
Thus hacking becomes a locksmithing hobby, and secret activities rise above board. As they say, sunshine is the best disinfectant.
At 42, I'm a lot wiser than I was at 22. At 82, I'm sure I'll be wiser still...

Some of us refuse to accept the abuse of the term, even if it is uncommon.
You can find that out easily enough from the alumni website...
Problem is, until I know you personally I don't know what your oath is worth. Endless recursion. Establish yourself in the community, excercise patience, exercise effort, and doors open. Think of it as another form of lockpicking, though here you're trying to manipulate social rather than mechanical pins.
If someone doesn't have the patience for that, it's probably time to switch hobbies because they'll never be decent at locksmithing either. It's _ALL_ about patience and precision and exploring alternatives and reacting calmly despite frustration.

Such specific tools are not needed to duplicate a key. There is no purely mechanical key which can't be easily duplicated by a skilled machinist with non locksmithing specific machine tools.

LOL If that's the best you can do to "impress chicks" I bet you don't impress many.
Almost anyone concerned with security will be somewhat suspicious. Investigating the process used to generate valid credit card numbers sounds like something that might interest you. Why not just ask around in that industry and see how suspicious people get.

There are two sides to openess with regard to computer security as well. Many of the hackers who find and publish exploits have no interest in maliciousness or destruction, however many of the script kiddies who learn of exploits they would never have discovered on their own do, and use said exploits to that end.
LOL This statement shows how little you understand of physical security or the real world threats to it.

That's what I get for writing when half awake. "Even if the proper usage is now uncommon" or "even if the abuse is common." Gnumph.

Not true. Some do. Some don't. I don't, very often; I know folks who do.
Uhm. If you're talking about the door locks, I think you're referring to the dust cover which is present on most autombile doors. If so, there are straightforward ways of holding that back while working on the lock.
Locksmith Ledger and National Locksmith are the two US journals most often cited. I think there may be a third still in operation. My favorite, Reeds Security Reporter, unfortunately lasted only a few years; publishing's a tough business.
Basically, yes.
Bonding: Is a form of insurance for the customer. Basically, it represents additional money they can sue you for. It's a marketing/reassurance tool.
Oath: There might be one on licencing, but few states do licencing. Mostly I swear at paperwork rather than to it. ("I do solemnly affirm that this is the worst set of instructions I've seen in a long time.")
I sometimes wish Locksmithing *WAS* still more guild-like and had something akin to the Hipocratic Oath.
I'd put the definition in terms of "can exercise a sufficient range of skills well enough"... and I'd note that "employable" sometimes includes apprentice, which may be someone who doesn't initially know much more than how to sweep the shop and ring up sales.
Surprisingly few pieces of equipment are "critical". Better tools allow you to work more efficiently and reliably, but skill can substitute for tools in many cases.
For example: Code books are important if and only if you're doing code work -- and whether you get a full set, or buy versus rent or borrow this resource, is optional. If it's a significant part of your business you definitely need it; if you're working in areas where it isn't, you don't.
Part of running a business is figuring out which investments actually make sense given your intended customer base... and when it makes sense to say "I don't do that but I'm perfectly willing to refer you to a friend who does."
The government's standard job descriptions -- darn, I can't find the link right now -- actually do a moderately decent job of characterizing locksmiths and safe technicians. Massively incomplete, of course, and the emphasis may not be exactly where I would have put it, but their summary is better than I would have expected.

Sure. But a skilled machinist gets more money per hour than a thief does, and has no incentive to take a job which may get him arrested as accessory.
Perfect security is impossible. Good enough really is good enough, and in many cases is a surprisingly low bar, *IF* people don't gratuitously weaken it further.

What you say is in most cases true. I comfortably would say 95% of the time. However it's dangerous to assume that all criminals are not highly skilled. It's also a mistake to assume that all crime nets peanuts. It is no doubt well within the capability of some criminals to produce the various high security keys. If you really have something to protect it's a mistake to depend on physical security alone, no matter how good it may be. You would be surprised (or perhaps not) at the amounts of cash and other valuables some people entrust to physical security alone.

"Joe Kesselman (yclept Keshlam)" snipped-for-privacy@attglobal.net wrote in news:3f037234 snipped-for-privacy@news1.prserv.net:
Where does this extra money come from?
You've obviously never been injured by an clumsy physician.

That would be a bad assumption. Note that it isn't the same as assuming (believing) that the majority of criminals are not highly skilled - and the vast majority who would break into the lower or middle class residence.
Why do you keep on talking about "all"? All it takes is *one* big crime to break that assumption - and we know that there are many big crimes! (But there is a *lot* of petty crime.)
Sure - to produce or buy or ... But are these the ones breaking into typical residences and stealing their electronic entertainment gear?
Such as lighting, locks, alarms, etc.?
What kind of non-physical security would you sugges should be used to protect cash, jewelery, etc.? (Actually Master Sean - working for Lord Darcy - came up with some really good non-phyical methods - but ... :-)

Read up on insurance - it's the pool of reserves that provides this. (If you've ever bought insurance, you should know where *that* comes from. :-)
How is this relevant?

"Billy B. Edwards Jr." snipped-for-privacy@thelockman.com wrote in news: snipped-for-privacy@thelockman.com:
You're definitely using a linear congruential PRNG with super-encipherment. What machine did you implement it on, and in what programming language? Do Master Lock and American use the Locksoft program?

Master Lock uses it now, American doesn't, yet. :-) BBE.

snipped-for-privacy@aol.com (Putyourspamhere) wrote in news: snipped-for-privacy@mb-m18.aol.com:
You're obviously too stupid to use a bad boy angle to get chicks. With that low IQ and angry demeanor, I'll bet you don't impress many either, Einstein.

"Billy B. Edwards Jr." snipped-for-privacy@thelockman.com wrote in news: snipped-for-privacy@thelockman.com:
You have no idea which language the program was written in?

It turns out I was right all along. Billy Edwards gave a complete and accurate description of the algorithm used by Master Lock, and it involves a super-enciphered linear congruential method.
Do you remember the "I told you so" dance from the old MGM cartoons. It goes as follows
I told you so. I told you so. Don't forget I told you so. YA da DA da DA da DA. Don't forget I told you so.
And it repeats over and over and over...
:-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-)

What year was this software developed, and when you were at Locksoft, what was the name of your biggest competitor in the business of writing code generating software.