Interesting design. I made a lock a couple years ago that is quite similar in principle (though this design is different and has a couple nice improvements).
The interaction of engineering and "use" by the Lock Picking Lawyer (https://youtu.be/Ecy1FBdCRbQ) was fascinating - "use" here really meaning "exploiting". It's a problem many here are aware of, either by over-engineering things intended for use by non-engineers, or designing things to be used by customers when the designer isn't intimately familiar with the use. In this case it was sort of somewhere in between.
I'm currently an operator of heavy machinery in a factory making tools for the wafer industry, although my main career is in software development. I'm actively working with the tools and software used to get a better understanding of the disconnect between engineering and operations. It's been a great way to consider how to improve tools in ways that aren't just "better" from a software/engineering standpoint.
Also, holy cow. I've watched all of your videos multiple times. You are truly an inspiration. Thank you, and apologies for the fanboying.
Def want to see Enclave's under Lock Picking Lawyer! If you make an "unpickable lock" you'd def want to send it to LPL, that's like the ultimate proof of how easy/hard it is to pick. The fact that there's no video, with how approachable LPL is and accepts random locks in his PO box, can only be seen as a red flag.
I can't be bothered to use YT anymore with all the ads. They're basically interactive, on-demand, corporate TV monetizing other people's content and nothing more. The world needs a co-op video sharing app and a microblogging app.
I think one problem here is that the more complicated you make a locking mechanism, the more you suffer by increasing the attack surface with other potential flaws or just the lock being physically weaker (i.e. smashable).
Kinda like how the most advanced cryptography is usually broken because someone made an error in the complexity of implementing it.
The other problem with increased complexity is that the more intricate your mechanism is, the more prone to failure due to wear or contamination it becomes. A security measure is only as good as it can remain usable. As a locksmith working in the industry for 25 years, I've seen a lot of high security designs come and go, and the stuff that sticks is the stuff that's simple and reliable. The fundamental fact of locks and security is that people just don't pick locks much. The vast overwhelming majority of unauthorized accesses are via an acquired key or via bypass attacks on other aspects of the locking hardware than the keyed cylinder.
To put it bluntly, all these fancy pick-proof designs people are coming up with have zero real world utility and are just toys for locksport enthusiasts to play with.
EDIT: and really, I'd say all the patent discussion is moot. A patent is only useful if there's a market for your product. This product has design shortcomings that render it a non-starter for most applications, i.e. no master keying capacity, which makes it useless in any institutional setting, and a design necessity of using critical precision parts that won't handle outdoor exposure well, and a physical size that makes it incompatible with even the largest North American cylinder format. This is a product without a profitable customer base.
I remember being annoyed by the end of that video with the backplate. swighton had already thought of that and machined for a backplate but it was just left out so the LPL could crack into it.
In any case, this guy's design I think is a significant improvement over swighton's. swighton made it so that the key triggered the locking mechanism as you pressed it in, this guy made it so that you had to turn the key to test the locking mechanism, as well as adding a multipin stack.
You absolutely should sue them with prior art or something if they patent it. You had an amazing fairly well distributed YouTube video with this design anyway.
Yeah I immediately thought of your work when I saw this. The key insight is the same, even if the implementation is different. Everything you do is fascinating by the way!
Although I've seen pretty much all of your videos, I'm ashamed to say I couldn't remember your name, so I googled "Andrew Magill" expecting your face to pop up.
I loved the way the puzzle was presented in that video and loved the partial solution. It has been consuming idle brain cycles ever since.
First we should proudly make the key flat as security by obscurity is not done. We should solve the problem for real and it has to be easy to manufacture.
The real idea: put a tube around the cylinder. After rotating the cylinder by 45 deg it drags the tube along.
You have a pin in the tube with small discs on the key side. The inner cylinder can rotate freely for 45 degrees at which point it drags the tube along IF the pin is in the correct position thereby testing the correctness of the key used therein all pins simultaneously.
Different keys can be had by changing the number of discs. No machining required.
Just want to say I absolutely love your channel and it's been a huge source of motivation to work on my own hardware projects in the past, I eagerly await your next video!
This could be worth fighting for. If another maker uses your work to build and share an improved lock, as you did, this guy could try suing them for that, as though the basis for their work was his, ruining the spirit of openness and stunting any resulting improvement in lock design.
It might be a struggle to prove prior art but you might have enough sway to be able to find a pro-bono lawyer, and/or publicly pressure or embarrass him into compromising. Patreon would almost certainly help with costs too.
Seriously, you have a tremendous amount of credibility in maker/engineering communities, among others. Thank you very much for doing what you do.
As others have already said, you’re a huge inspiration.
I was trying to find interviews that you’ve done to learn more about how you came to know so much, but it looks like you’ve never really done any interviews. Any reason why?
You can use a third party pre-issuance submission to ensure that the patent examiner considers your work as prior art during the application process. There’s no fee to file the first three documents you want the examiner to consider. This will ensure he doesn’t get a patent which could be construed to block you from building your lock design.
For those that did not watch it. The lock was left to be pickable on purpose. The improvements were purposely left out so LPL could pick the lock for entertainment purposes.
This looks very similar to the design[0] by Stuff Made Here (and collaborative hardening [1] suggestions by Lock Picking Lawyer)…an excellent set of videos.
StuffMadeHere used friction to keep the pin in place between setting and testing. Here, he used many small pins to translate to a discrete combination. Quite different! And I think more resistant to wear for a real world application.
I am a reasonably capable lockpicker and lock collector with hundreds of locks of every mechanism I can get my hands on... and as LPL often demonstrates, the vast majority of them, particularly the more clever seeming designs, are actually easy to pick.
I have one of the Enclave lock prototypes on my desk and can confirm the machining is brilliant and I have no idea how one could approach picking this. No feedback at all for correct vs incorrect.
I plan on taking it to my local SF Toool meetup to see if any of the true experts there can come up with anything.
So looking at the lock’s YouTube video it may be susceptible to an attack where you set all the pins to their lowest, turn the key and then jolt the lock several times while continuing to turn the key.
From the video it looked like it would be pretty simple to lift the tiny pin wafers into the pin decoding region if there's nothing stopping you from over-lifting.
>I have no idea how one could approach picking this
Not sure how well the lock is made but it may be possible to detect when pins 1 and 6 are in correct position - because the slider is "stiff against springing apart" at those pins, if you get what I mean. The key might turn a degree or so more if those pins are correct, which may be detectable. That would be only 36 positions to check.
Likewise, pins 2 and 5 should produce slightly more resistance than pins 3 and 4, but the difference would not be quite as pronounced. But if the difference is detectable, then it could be a possible attack strategy.
Didn't that guy stuffmadehere make something that's very similar in concept, sent it to LPL and he still managed to open it? I think the attack angle wasn't the mechanism though.
While very cool and seemingly well-designed, this seems like a derivative of the lock developed by the YouTuber StuffMadeHere. A little strange to see someone applying for a patent for a version of someone else's design.
The principle is the same, but this design is different and better in some ways. Depending on the generality of the claims a patent may be reasonable. The Enclave design is more refined/compact, but I'm skeptical of the longevity/durability of the wedge mechanism.
The underlying principle that's common between the StuffMadeHere and Enclave designs is 1. Decouple setting the pins from testing them, and 2. Do not allow the keyway access to physically manipulate the set pins while testing them.
Interestingly this same principle is used throughout cryptography, e.g. in constant time comparison algorithms. Basically, any partial success information leak can be used to reduce the search space exponentially. And that's what single-pin picking is all about, so it's cool that this idea has (finally?) migrated to physical security.
Except this isn't a constant time comparison. You still reach the "no more turning" angle at whichever pin is incorrect first. This is more like forcing the password to be fully retyped after each failed attempt. A good feature, but not a feature which eliminates side channels which might be there.
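The point made in the two comments above, that any partial-success feedback collapses the search space while a whole-value pass/fail check does not, as an added example that is not part of any comment in this thread. It models a lock as 6 pins with 6 heights each (the 46,656 combinations used elsewhere in the thread); the function names and the sample bitting are constructed for illustration.

```python
import hmac
from itertools import product

PINS, HEIGHTS = 6, 6   # 6**6 = 46,656 combinations, the figure used in the thread


def leaky_verify(secret, guess):
    """Early-exit check: returns how many leading pins matched (the leak)."""
    matched = 0
    for s, g in zip(secret, guess):
        if s != g:
            break
        matched += 1
    return matched


def opaque_verify(secret, guess):
    """Whole-value check: constant-time compare, reveals only pass/fail."""
    return hmac.compare_digest(bytes(secret), bytes(guess))


def calls_with_leak(secret):
    """Verifier calls needed when every call reveals the matched prefix length."""
    guess, calls = [0] * PINS, 0
    for pos in range(PINS):
        for height in range(HEIGHTS):
            guess[pos] = height
            calls += 1
            if leaky_verify(secret, guess) > pos:   # this pin is confirmed
                break
    return calls, tuple(guess)


def calls_without_leak(secret):
    """Verifier calls needed when the only feedback is open / not open."""
    for calls, guess in enumerate(product(range(HEIGHTS), repeat=PINS), start=1):
        if opaque_verify(secret, guess):
            return calls, guess
    raise ValueError("secret is outside the modelled keyspace")


if __name__ == "__main__":
    secret = (2, 4, 1, 5, 0, 3)   # constructed sample bitting
    print("with prefix leak:", calls_with_leak(secret)[0], "calls")
    print("pass/fail only:  ", calls_without_leak(secret)[0], "calls")
```

With per-pin feedback the cost grows as pins × heights (at most 36 calls here); with pass/fail only it grows as heights to the power of pins (up to 46,656), which is why a verifier should compare the whole value and report nothing about which part was wrong.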
would likely depend on whether the filing date was before or after this, but yeah, this would likely invalidate any claims for the most interesting improvements over the SMH designs
Need to see the patent or published application, and in particular the claims. I've got a few patents under my belt, but I'm not a patent lawyer. Typically when prior art is found during the preparation or processing of a patent application, the inventor can either argue for why their thing is new and different, or narrow their claims to the point where what's left satisfies novelty. Now at that point, one is left wondering if their idea is still worth patenting. But that's another matter.
Even as an inventor with some experience in the patent process, I still find it hard to second guess the patent office on what they will accept or reject as prior art. The lawyers are better at it than I am.
More than once I've rushed breathlessly to the lawyers with screaming hot obvious prior art, and they say: "Meh, it's not prior art because of X, Y, and Z, nice try."
The concepts employed in the StuffMadeHere video were derived from techniques used in other pick-resistant locks. His implementation is unique, of course, but he also derived his lock from other existing techniques.
There’s a big world of lock design and research out there, and I doubt this company simply decided to rip off a YouTuber.
> and I doubt this company simply decided to rip off a YouTuber.
While you’re likely right, YouTubers are massive in terms of reach and popularity, and there are heaps of cases where companies have done exactly that…
> A little strange to see someone applying for a patent for a version of someone else's design.
Apparently it's common depending on the country you live in.
Some countries have a first-to-file versus a first-to-invent patent system. And so you end up with people (often inventors or retired lawyers) who spend their days filing patents for other people's inventions. The idea being that they only need one or two of the patents in their lifetime to result in a massive payday for it to be all worth it.
Even in the US, which is first to file, your patent can be invalidated by published prior art that makes it obvious. The stuff made here video is a textbook example of an invalidating piece of prior art.
I also seem to recall that the LockPickingLawyer was able to break that lock using two separate methods that I didn't see addressed in the article, so I wonder how much this person just copied StuffMadeHere..
LPL “cheated” when picking SMH’s lock but still provided valuable feedback. Both weaknesses he found are easily fixed. In one case he could walk the deadbolt back because of a precision error/oversight in SMH’s lock. The other he stuck a small shim between the door and the lock to tension the second tumbler which is not an issue with this lock and easily fixed on SMH’s lock by closing the back with a plate.
A lot of people saying this is similar/same to the lock from Stuff Made Here. Certainly both use the same concept of preventing single pin picking by separating the pin alignment and matching stages, but this does appear to be a unique design. SMH used a pushing mechanism to bind the pins in place before trialing a set of gates via rotation; this one sort of does the reverse, with pins never binding (see stack of separable wafers on each pin) but a pushing mechanism trials the combination.
This one does seem potentially more compact / compatible to existing form factors. Though it also looks like it'd be vulnerable to just torqueing it, depending on how strong that zigzag bit is. But I guess then you can just break the door.
Torqueing a lock in a way that is visible is usually not a problem for the threat model a lock is attempting to address. However, this mechanism looks like it may be vulnerable to torqueing without external signs of damage.
He's fun, but my favorite ones are where they forget about inertia or magnets.
"All is fair in Love and War"? The Geneva Convention would like to have a word with you on that. And good luck keeping someone who finds out what you did for love (and if you do, then you deserve each other), but all is definitely fair in lock picking.
Magnets, mallets, plastic pens, soda cans, springs, electric toothbrushes, masking tape, string, cardboard, water, salt water, we have seen it 'all' and the world is full of items that haven't even been tried yet because those all work pretty damned well.
I don't know if this is too slow of an attack to count, but you could build an automated lockpicking machine that would iterate over the possible pin height combinations. If a fast robotic machine could input & test one key pattern per second, it would find the correct pattern in 12.96 hours or less. One pattern per second should be quite feasible. Here's an example video that shows how robots can move very quickly while maintaining submillimeter precision: https://youtu.be/SVuOWwL410U?t=7
Exactly. And based on the test mechanism simply requiring a ~46 degree turn to fail, I think it could actually be done in ~300ms per attempt, which would make the maximum solution even lower at ~4 hours. That's of course still a lot better than a traditional mechanism, which even brute force robotic pickers can tear through rapidly, but it's far from "unpickable."
Ultimately, even lengthening the time per attempt wouldn't help save it from attack, because not only is this lock susceptible to robotics, it's easily pickable with audio analysis. Much like the traditional mechanisms that this lock hopes to replace, you only need to analyze one to build a matrix applicable to all of the locks.
It's not unpickable, and the creator doesn't claim it's unpickable, either. So the title really shouldn't include the word.
I am not sure if I would call trying all combinations "picking a lock" — wouldn't adding a couple of pins simply make that infeasible again? You could also bring all 46k key variations and try them out, and you'll open it with 23k attempts on average, but that would not make the lock pickable if I was to talk about it.
I have no clue about locks, but there's a difference between brute forcing a password and decrypting it from the hash.
Those master cylinders are of specific dimensions, variable length and probably mass as well. I wonder if one could analyze the audio frequency spectrum, and/or mechanical impulse response, to deduce the length of the master and work out the bitting.
To counteract brute-forcing, how about adding a rate-limiting mechanism?
I could imagine each attempt to rotate the cylinder could partially compress a spring-loaded lever. There could be some sort of ratcheting return mechanism that allows the spring to decompress at a known rate (think a kitchen timer). Once the spring is compressed beyond a certain point (e.g. after 5 failed attempts), a mechanism locks out the cylinder until the return mechanism allows the spring to decompress back to its starting position.
If the lockout happened after 5 failed attempts, and the lockout duration was 10 minutes, an attacker could test at a maximum rate of 30 combinations per hour. It would take 64 days to check all 46,656 possible combinations, or 32 days on average to find the solution.
Sounds like an interesting way to get locked out of your house.
You would need successful uses of the key to reset the ratchet or every 5 times you opened your door it would become inoperable for 10 minutes, assuming the spring for the timer hasn't rusted or got a bit of grit in it or whatever.
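The lockout idea and the reset-on-success caveat from the comments above, modelled in software as an added example that is not part of any comment in this thread. It assumes the thread's figures (5 failed attempts, a 10-minute lockout, 46,656 combinations); the class, the function and the sample secret are hypothetical.

```python
import hmac


class RatchetLockout:
    """Software model of the spring-and-ratchet idea (hypothetical class)."""

    def __init__(self, secret, max_failures=5, lockout_s=600):
        self.secret = secret
        self.lockout_s = lockout_s
        self.step = lockout_s / max_failures   # "compression" added per failure
        self.level = 0.0                       # current compression, in seconds
        self.locked = False
        self.last = 0.0                        # time of the previous call

    def _relax(self, now):
        # The spring relaxes at one second of compression per second of time.
        self.level = max(0.0, self.level - (now - self.last))
        self.last = now
        if self.level == 0.0:
            self.locked = False

    def attempt(self, guess, now):
        """Return 'open', 'denied' or 'locked' for one attempt at time `now`."""
        self._relax(now)
        if self.locked:
            return "locked"                    # even the right key must wait
        if hmac.compare_digest(guess, self.secret):
            self.level = 0.0                   # a valid key resets the ratchet
            return "open"
        self.level += self.step
        if self.level >= self.lockout_s:
            self.locked = True
        return "denied"


def seconds_until_nth_failure(n, lock, wrong=b"\xff" * 6):
    """Clock time at which the n-th wrong guess gets tested by the lock."""
    now, tested = 0.0, 0
    while tested < n:
        if lock.attempt(wrong, now) == "locked":
            now += lock.level                  # wait for the spring to relax
        else:
            tested += 1
    return now


if __name__ == "__main__":
    secret = bytes([2, 4, 1, 5, 0, 3])         # constructed sample secret
    total = seconds_until_nth_failure(46656, RatchetLockout(secret))
    print(f"exhaustive search takes about {total / 86400:.1f} days")
```

The model also shows the cost raised in the reply: while the lockout is active the legitimate key is refused too, so the failure counter has to be reset by a successful open and the lockout becomes a denial-of-service lever for anyone who can reach the keyway.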
I have zero knowledge about the topic and something in the video confuses me:
In the YouTube video explanation around 2:30, when individual positions (not sure if it's the correct word: talking about the different parts of the lock's inner array moving based on the position of the key/pick) are picked, why doesn't the inner mechanism snap back to its initial state by the spring's force when key/pick is moved out of that position?
And how do they reset when lock is turned and unturned back to initial rotation state if they don't reset when individual positions are released?
The pins usually don't fit exactly (because they still need to be able to move up and down), meaning that you can turn the lock slightly even without the pins at the right positions.
If a pin is pushed up completely, and you turn the lock slightly, the pin can get stuck in the right position.
This is done with a torsion wrench, keeping torsion on the lock while trying to get the pins in the right position with picks, hooks, or rakes.
https://youtu.be/_7vPNcnYWQ4
One of my main goals is to be an inspiration, though if it was based on my design I wish they’d credit it. Especially since they’re patenting it.
Do it in the open, like Stuff Made Here!
He picked a lock with the same concept by swighton (Stuff Made Here), but exploited a flaw that had nothing to do with the mechanism.
https://www.youtube.com/watch?v=Ecy1FBdCRbQ
Interestingly, videos don't seem to count? It must be a written description?
https://www.uspto.gov/web/offices/pac/mpep/s2206.html
Amazing content, your shows are some of the best YT has to offer.
His shop is also any ME major's wet dream (and he totally earned it!).
Have fun
(Going to implement that one on all my enter password pages.)
- https://www.youtube.com/watch?v=xjVS-g_ss84
- https://www.youtube.com/watch?v=8CWsA22H35Y
You are a HUGE inspiration to me, slowly growing past 55,000 subs.
Thanks for the amazing videos and inspiration!!
https://youtu.be/2A2NY29iQdI
https://youtu.be/Ecy1FBdCRbQ
https://news.ycombinator.com/item?id=31880501
https://youtu.be/ai5Hf-wPXFE and he mentions it's a collaboration at 4:29.
https://en.wikipedia.org/wiki/Lock_bumping
I don’t see how this patent has any legs to stand on.
Well USPTO did move to first-to-file under Obama.
Is there a patent filed before this one?
I'm pretty sure 95% of patent applications and 50% of granted patents are attempts to steal someone's invention out from under them.
(Sorry if I used a terribly wrong terminology)
engineer confirmed