Matt Blaze's
Science, Security, Curiosity
Some references from my talk on "Safecracking, Secrecy and Science"
Not everything worth reading is on the web yet.

Several people asked me for a list of references from my talk on "Safecracking, Secrecy and Science" Sunday morning in Sebastopol, and I promised a blog entry with pointers. (If you were there, thanks for coming; it was fun. For everyone else, I gave a talk on the relationship between progress and secrecy in security, as illustrated by the evolution of locks and safes over the last 200 years.)

Unfortunately, few of the historical references I cited are on the web (or even in print), but a bit of library work is repaid with striking parallels between the security arms races of the physical and virtual worlds.  

The references that follow probably won't make coherent sense without the talk that went with them, so if you weren't there, I apologize for the somewhat sprawling scope and for not writing something more cohesive that ties it all together. But everything here had a strong influence on me, and maybe it will on you, too.

Probably the most important 19th century work on security is Alfred Hobbs' 1853 book, in which he describes attacks against the major lock designs of the day, including the Bramah slider lock (photos here).

  • A.C Hobbs (with Charles Tomlinson, ed.). Locks and Safes: The Construction of Locks. Virtue and Co., London, 1853 (revised 1868).
(A reprint edition was issued sometime in the 1970's but seems to be out of print at the moment.)

Hobbs' introduction makes an eloquent case for openness in discussing security vulnerabilities:

A commercial, and in some respects a social doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery.

Rogues knew a good deal about lock-picking long before locksmiths discussed it among themselves, as they have lately done. If a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.

It cannot be too earnestly urged that an acquaintance with real facts will, in the end, be better for all parties. Some time ago, when the reading public was alarmed at being told how London milk is adulterated, timid persons deprecated the exposure, on the plea that it would give instructions in the art of adulterating milk; a vain fear, milkmen knew all about it before, whether they practiced it or not; and the exposure only taught purchasers the necessity of a little scrutiny and caution, leaving them to obey this necessity or not, as they pleased.

Also regrettably out of print (although widely available on and is Ben Macintyre's recent biography of Adam Worth, who mass-produced burglary in the Victorian era much as Joseph Bramah mass-produced locks a hundred years before. Worth understood his high-end burglary enterprise partly as a technology-oriented business, maintaining an active recruiting network that brought in specialists to defeat the increasingly sophisticated security mechanisms he expected to encounter. The symbiotic (and grudgingly respectful) relationship that evolved between Worth and his pursuers at the Pinkerton agency seems particularly familiar today.
  • Ben Macintyre. The Napoleon of Crime: The Life and Times of Adam Worth, Master Thief. Farrar, Straus and Giroux. 1997.

The security arms race between safemen and yeggs is impressively chronicled in Richard Byrne's Safecracking. Byrne, who worked for the British probation department and had extensive access to actual criminals during his career, saw master safecrackers as a now-dying breed of high-tech journeymen, distinguished by the need to master complex technical skills to join their elite criminal class. Inexplicably, Byrne dismisses manipulation of modern safe locks as an impossibility, suggesting the safecracking arms race has now ended with the good guys having decisively won. This conclusion is definitely not yet true (or if it is, it's not because of the locks -- read on), but does not detract from an extensive and fascinating historical account that again parallels security in modern computers and networks. Unfortunately, the book (a 300 page paperback) is very difficult to find in the US, but may be more widely available on the UK used book market.

  • Richard Byrne. Safecracking: Tales and Techniques of the Master Criminals. Grafton (London). 1991.

The basic principles of systematic manipulation of modern mechanical safe locks were first published for the (legitimate) safe trade at least half a century ago; the standard reference to this day is:

  • Clyde Lentz and Bill Kenton. The Art of Manipulation. 1953. (Currently published by HPC, a locksmithing tools supplier).

In contrast to Hobbs' open attitude a century earlier, Lentz and Kenton weren't completely comfortable with publishing safecracking technique. It isn't entirely clear whether they were more worried about harm to safe users or the livelihoods of safe technicians, given the warning that begins their treatise:

It is extremely important that the information contained in this book be faithfully guarded so as not to fall into the hands of undesirables.

We also suggest after you become proficient in the art of manipulation to destroy this book completely, so as to protect yourself and our craft.

(Fortunately, not all readers followed this advice; I found a perfectly intact copy in a library 50 years later).

I've recently written a bit myself on locks and safes (and their relationship to computer security).

While the security metrics and mechanical safeguards used in safes and vaults may not relay on the latest technology, they are often quite ingenious. I think they have much to teach computer security. For an introduction to safes and safecracking from a CS perspective, see my survey paper below (warning -- heavily illustrated 2.5MB .pdf file). And for a brief commentary on the reaction to this paper, see my essay, "the second sincerest form of flattery" (click here), which was originally posted to interesting-people.

  • M. Blaze. "Safecracking for the Computer Scientist." U. Penn CIS Department Technical Report. 7 December 2004 (revised 20 December 2004). [PDF].
Cryptologic techniques can be applied outside of computers and networks, Perhaps surprisingly, the abstractions used in analyzing secure computing and communications systems turn out also to be useful for understanding mechnical locks and their keyspaces. Indeed, modeling master keyed locks as online authentication oracles leads directly to efficient solutions for what might naively seem like exponential problems for the attacker. In fact, it seems like almost a textbook example, as if master keying practices for locks were designed specifically to illustrate this class of weakness. We sometimes assume that hardware-based security is inherently superior to that based in software, but even the humble mechanical lock can be just as insecure as complex computing systems, and can fail in similar ways.
  • M. Blaze. "Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks." March 2003. IEEE Security and Privacy. March/April 2003. [PDF].
For a brief commentary on the reaction to this paper, see my essay, "Keep it secret, stupid!" (click here), which was originally posted to comp.risks.

Billy B. Edwards, a prominent locksmith who specializes in master keying (and whose book I cited in my paper), summed up the gap between current locksmithing and computer security philosophy in a guest editorial in The National Locksmith (a locksmithing trade magazine) in June 2003:

...It [Blaze's master keying paper] shouldn't have been published, because the only people it will educate are the dishonest who will use it to compromise security. Locksmiths don't have to be surreptitious ...

... No, we can't call him a moron because he is obviously intelligent, after all he did grasp the concepts of master keying. We can however, see that he is an inexperienced amateur when it comes to physical security. In his computerized world it is a simple thing to fix a security problem, you just load new software...

My Notes on Picking Pin Tumbler Locks, which I wrote up a few years ago for students in my security seminar, seems to have taken on a life of its own on the 'net. It can be found here [HTML].

I think locks and safes are interesting not just for their security properties, but also as beautiful, elegant examples of industrial design. Some photos I've taken of security gadgetry can be found here [HTML].