Thursday, December 29, 2011

Master Keying System Set-up Checklist

Personally, I like how ideas for doing jobs better can sometimes hit you.  And how they sometimes inspire my writing for work or for this blog.  In this case, I was listening to a science podcast and it referenced a significant paper on surgery. The researchers had looked at the airline industry and found how common mistakes were avoided simply by having routine functions done with a checklist.  Critical yet routine items were not missed or put in the wrong order.  The thought was to test if similar checklists would help to prevent common surgical errors.  After drafting the checklists, they had a bit of a struggle to find surgeons who would test them.  However, they did find several cooperative surgeons and the checklists had a dramatic effect in decreasing complications. (1)

The common element is repetition. Errors leak in for a multitude of reasons because the work demands attention to detail but the details are highly patterned and yet not completely identical.

This had me thinking of drafting, designing and implementing master key systems.  It can go 'off the rails' simply by failing to ask one question or think to include one step.  I quickly tossed up a small poster for my shop to prompt me to think of all the issues.  Keep in mind this is a first draft. I will pencil in items the next few times I draw up systems and then amend the list.

With that, here it is.  By all means suggest a line or two to add.  Or suggest some in a different order.  Even now, I am thinking I need some points about the implementation phase where I cut all the keys, pin the cylinders and keep the records.

Master Keying System Set-up Checklist
Do you know the floor plan and room programming?

If extension of existing …
    Do you know the TMK and all issued changes?

If replacing a known MK …
    Do you know the old TMK? Fixed or constant parity?
    Can you select a new TMK to retire all old keys?
    Check all other items as if new system.

If new …
    What is the keyway?  Look up ITL# and MACS.
    How many MK levels are needed?
    Do I need a Control Key?  Auxiliary MK?
    How many changes are needed in each level?
    Are NMK doors known?  Are SKD doors known?

Select a TMK cut sequence.
    Does it have one high cut? One low cut?
    Does key repeat in registry?
    Select H/P and SOP to find available keys.
    Can each branch of system be used under 60%?
   
Are there enough blanks?  pins?  tags?
How many cylinders are there to change?
    KIL__  KIK__  DB__  Mort__  Rim__  Other___
Do cylinders have to be pulled and replaced in boxes?
Of course, this is MY checklist and needs to function for my work. If you do different jobs, then your checklist would be slightly different.

(1) This is research which dates back about 20 years now.  Strangely enough, it is not universally done in surgery even as effective as it proved to be.  I tried to track back the original paper but after getting flooded with hits, had to just move on.  If you know the authors, I would be happy to credit the work. Google Scholar shows the topic is still hotly researched.

--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached. And remember, keep your follower on the plug.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Tuesday, December 20, 2011

Mechanical Drawing Mess

Recently, I was tasked with installing some hardware which I had not installed before.  Well, not this model but to some degree a door closer is a door closer.  I am choosing to not name the culprit but if you recognize this diagram, so be it.  Basically, the instructions ticked me off and so they get some time on the net.


This is the main diagram to measure off the drill and tap points on the frame header and the door.  Being a diagram and not a template, it is not expected to be at 1:1 scale.  However, a quick look will find measurements which are not even in proportion.  For instance, compare the line for 4 1/8 (105) to that for 4 15/16 (125) to that for 11 3/8 (289).  For the best contrast, there are two places labelled 4 (102) and they are not even close to the same.

Another problem is that of reference.  A door closer swings a door and for this mechanical reason, the centre line of the hinge is the natural reference point. Every measurement should be from it. This is a counter example for the engineering drawing class I once took on positioning dimension lines. At site, it also drives you to either add up the numbers or serially measure. Either method introduces errors.  The five mounting holes never repeat spacing and they really could.

Am I done commenting on the instructions from the box? Not even close.

  • The fastener hardware supplied posed a few mysteries. There are clearly items to be used. Some are for applications I can tell are not needed here.  And then there are other screws. 
  • The cover is held by 3 screws when 5 holes are available. The cover sits square if you put the top screws in and would be less subject to vandals taking the two lower bolts or them being lost from vibration. Yet, without the screws in the bottom, it looks unfinished.
  • The arm is put on with a big bolt over a washer. Two with the right threading are provided and yet the diagram shows a third type and a very clearly different washer. 
  • Like many closers, this has a closing force adjustment nut on the end of the barrel. The instructions say it is shipped at a middle setting of the power range. There is no table given for turns should you have a wider or heavier door. 
  • You have to dismount the closer from the mounting plate to get access to one of the screws. This step is never said.
  • They claim to provide hex keys to adjust two different items. Only one was there. However, if planned better, both could have been that one size.  The needed hex wrenches were side by side on my tool kit.
  • The instructions given refer you to do the wiring as per another document which was not in the box. 

Some will read this and think the locksmith is grumbling again. If that were all it was, I should not be writing. Poor quality instructions slowed me down. You recheck measurements. You ponder over which bolt to use where.  You test out the mounting locations with the hardware as template before you drill.  One thing I learned is that I should be careful turning this item over to a less experienced coworker.

Another thought also came back to me.  Ease of installation affects product sales at times.  If two competing products step into the marketplace and one takes more time to install, that can quickly eat up the price difference. I am reminded of some of the stand-alone push button locks which had multiple wires running thru the door so were hard to install and hard to service. Human hands had to hold pieces on both sides of the door at once as you found where the bolts connected them and you could never see then if you were pinching a wire. When one company found a way to do this without wires, it came in at a higher price and still sold well.

Some products will not sell if the right person does not name them to the client. If you knew how hard some piece of hardware was to install and how much reading between the lines you had to do, you skip it.  Very few products can not be substituted by other makers.

I am pushing a phrase from computers at this point. User interface. The instructions are the user interface for the product. Are the instructions as carefully planned as the product?



Saturday, December 17, 2011

Diving Deep Into Pi

There are many creative ways to generate key, safe and alarm codes.  Some are trivial and generate repetitive or patterned codes.  I am going to cover a few of these to avoid followed by a few to get you stronger codes.

Birthdays & Other Dates
When setting safe codes, you sometimes learn from the client that the code you just set the safe to was derived from some birth date or other anniversary. In one case, the safe code was always pulled from one date or another.  The problem is this generates a very small set of safe codes.  A past employee who knows the last code was derived from a date can guess the new code is too. (If you tell me, then you probably tell some of the staff too.) Another problem is that this code is drawn from a small set since it over-selects numbers under 12 and under 30, and even the year is not truly random.

Phone Numbers
See everything I said above. I should add that if you were to derive a code from two different phone numbers of people who most of the staff do not know AND never tell anybody you were pulling the code from phone numbers, you could do this sometimes.  If you repeat it often, you will fall into patterns regardless.  A fact of life, we run out of friends at times.

Address Numbers
See everything I said above.

Time for some better methods.

Internet Random Number Generators
Many of these give pseudorandom numbers in that they repeat -- eventually. Some give truly random numbers by sampling real world noise.  Either way, to make this work for you, get the web page to print a few hundred at a time. When you need the alarm or safe code, you can pick six digits from the page and you could read down or at some angle too.

This link will give you 1000 numbers between one and 999 999 into ten columns. (It does not pad zeros to the front of shorter numbers so 15346 is 015346.  To a minor degree, you are decreasing the randomness to add the zero at the end.)

https://www.random.org/integers/?num=1000&min=1&max=999999&col=10&base=10&format=html&rnd=new

Let's assume you are the head cashier and you told even one staff this was your method to get safe codes. Or somebody may have snooped at the computer, the printer or the connection. You want the code you finally use to be well hidden.  Part of this is pulling 1000 codes from the server but you could also pull 5000 codes and print all of them too.  Any reload of the page will do no good as it will give a different set of codes.  However, the computer and printer may cache the pages you are using.  Again, print a page or two and then pick one code.

Diving Into Pi
Modern mathematics gives us several decimal numbers which never repeat nor terminate.  One such number is the number Pi from geometry, the ratio of a circle's circumference to its diameter. It is now calculated to billions of digits but you only need to find a web page with a few million digits and dive down.  Like the random numbers above, you can get a printer to spit out pages and pages of digits.  You print and then pick the six digits you need either by standard reading or backwards or vertically or some other sampling.

Again, if you are a head cashier, save these pages in a secure place.  Provided you did not circle the code you used nobody could find the code from them.  However, a week later you could since you picked the sample the first time.

To get you started, here is a link to get the first million digits of Pi.
http://newton.ex.ac.uk/research/qsystems/collabs/pi/
There are many other similar sites on the web.

There are also similar numbers to use in much the same way.
Square root of 2 or the roots of many other numbers.
Looking on the web, I found this great link page from NASA.  It gives several numbers to many decimal digits.
http://apod.nasa.gov/htmltest/rjn_dig.html

Something Approximating a Summary
One can use simple methods and faithfully do two things to get secured codes.  Mix up your methods and do not tell anybody how you derived a code.

The better system is to use a method where it does not matter if they know it.  Find a source for thousands of random codes and pick one. Next time around, you generate a few thousand more. I could learn your method and still not 'guess' the code.
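The summary's method, as an added example that is not part of the original post: it swaps the web page for Python's `secrets` module (the operating system's random source) as an assumption, and also checks whether a code reads as a calendar date, the weak pattern described under Birthdays & Other Dates. All function names are made up for this illustration, and the sample sheet values are constructed.

```python
import calendar
import secrets

CODE_DIGITS = 6

# Days in each month for two-digit years 00-99, read as 2000-2099 so that
# 29 February is accepted for every year ending in a multiple of four.
_DAYS = {(yy, m): calendar.monthrange(2000 + yy, m)[1]
         for yy in range(100) for m in range(1, 13)}


def random_code():
    """Uniform over 000000..999999, zero-padded at the front."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


def pad_code(number):
    """Left-pad a number from an unpadded sheet, so 15346 becomes 015346."""
    if not 0 <= number < 10 ** CODE_DIGITS:
        raise ValueError("number does not fit in six digits")
    return f"{number:0{CODE_DIGITS}d}"


def pick_from_sheet(numbers):
    """Pick one entry from a printed sheet without a human choosing it."""
    return pad_code(secrets.choice(list(numbers)))


def _is_date(day, month, yy):
    return 1 <= month <= 12 and 1 <= day <= _DAYS[(yy, month)]


def looks_like_date(code):
    """True if a six-digit code reads as DDMMYY, MMDDYY or YYMMDD."""
    if len(code) != CODE_DIGITS or not (code.isascii() and code.isdigit()):
        raise ValueError("expected six digits")
    a, b, c = int(code[0:2]), int(code[2:4]), int(code[4:6])
    return _is_date(a, b, c) or _is_date(b, a, c) or _is_date(c, b, a)


def date_like_count():
    """How many of the 1,000,000 possible codes read as a date."""
    total = 10 ** CODE_DIGITS
    return sum(1 for n in range(total) if looks_like_date(f"{n:06d}"))


# Constructed sample of numbers as an unpadded sheet would list them.
SAMPLE_SHEET = [15346, 873465, 402, 999999, 120681]

if __name__ == "__main__":
    print("new code:", random_code())
    print("from sheet:", pick_from_sheet(SAMPLE_SHEET))
    for code in (pad_code(n) for n in SAMPLE_SHEET):
        print(code, "date-like" if looks_like_date(code) else "ok")
    share = date_like_count() / 10 ** CODE_DIGITS
    print(f"date-like share of all codes: {share:.1%}")
```

A code that passes `looks_like_date` is not automatically weak when it came from a uniform draw; the check is meant for auditing codes a person chose.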


Monday, December 12, 2011

Master Key Exceptions

I have been building master key systems lately and mostly they have been simple tree structures.  There are times when you should vary from this. Some are statutory and some simply more practical. (I am not going to cite laws of my province or nation, since the net is bigger than that.  Get to know your local laws.)

A room or group of rooms should be outside the basic master key system if any of the following apply.

1. Cash storage or high value inventory.  If you ask staff to sign for the contents of a room or safe or till drawer, then you should isolate key access very strongly. If many staff travel about casually with keys, then cash or product shortages can not be traced.

2. Explosives. Let's keep these in the hands of only the licensed people.

3. Drugs. You may need to distinguish between OTC, prescription and narcotic type drugs. These are often treated differently in the laws which govern who has control of them.  Often the drug storage in a hospital ward is under the control of only one pharmacist or a senior nurse.  Some drugs have street value, so during the day issues of armed robbery need to be addressed and at night issues of forced entry need to be addressed.

4. Forensic evidence. Police agencies collect objects which may have to later be used in court. However, accounting firms and others gather information which they may later pass to the police to generate charges.  For this to be useable in court, you need to show you have had continuous custody of the artifacts.  If not, the police can not lever your information into a search warrant and certainly not as evidence in court. Hence, private investigators need to have control of the keys to rooms holding records and artifacts.

5. Radioactive material. Workplace safety issues require you to keep untrained staff safely away from radiation.  Additionally, there are often federal regulations.

6. Personnel records. Employment records are best isolated from general access. Since you often have a janitor with a partial masterkey, this room will often get cleaned during the days. (Now that I get to it, many of the rooms above get cleaned during the day and often by the staff responsible and not the general janitorial staff.)

7. Accounting records in a server room. Your financial files are expected to be secured at the same level as paper records. The server room needs keying restricting it to only those who need access. (Regulations which derive from the Sarbanes–Oxley Act of 2002 in the USA may affect you and it is your responsibility to know it.)

8. Fire arms and munitions. Much like explosives and radioactive material, if you have these to store in a room, you know you have regulations governing their storage.

There are several ways to key rooms outside the master key system.  The worst is to simply pick a random key and pin the cylinder to that. Now you have to keep that as a record should you need to cut more keys. Often these rooms have very small sets of people with keys even having only ONE key in circulation which passes at shift change to the person on duty. If you pick a random key, you have to manually read through the pages of key records to assure there is no cross-over with any other room.

The better way is to plan for a small number of rooms to have master key exceptions and block them. All the keys are close together and the relationship to other key groups is clear.

These exceptions can be done in one of two ways.  The first is to have the key below the Top Master Key (TMK) with no intermediate master keys at all.  In a crisis, only the most senior staff can get access to the room. This might be how personnel records are kept. The other way is to set the lock as Single Key Different (SKD) with no master keys functioning at all. This is possibly better for drug and narcotic storage.

No list like this could be complete and the keys have to react to how the organization is structured. If you think I should add more categories, feel free to toss me a line.


And remember, keep your follower on the plug.


Sunday, November 27, 2011

Errors in ITL 9700A Flat Width Settings




I am gradually setting up a shop within my company to do locksmith work and most of that is master keying new construction projects.  I have a new ITL 9700A and ran a key to test calibration early on.  The specified cut depths on an SC4 came out fine both at the bow and the tip as measured by calipers.  I ran a depth key and put pins into an OEM plug and everything was flat and felt nice.  So it seemed the machine was good to go.

This last few weeks, I was tasked with setting master keys for two projects each of about 100 cylinders of mixed types:  mostly KIL but some rim and mortise too.  The first was on Yale GB and was going well until I did the block of mortise.  The cylinders were in two slightly different lots as a pair had one cam and one part number while about 8 others had a different cam and so a different part number.  These final 8 were all dragging as you turned the keys.  Some more and some less, but all dragging.  I took it the millings were holding up the key rather than letting the key rest on the bottom of the keyway at the shell.  I redid those few with bottom pins 0.005 inch lower and all was fine. This project was shipped.

I was then given the next project of about the same size based on Yale GC keying and started with the KIL cylinders and they started dragging at times for some samples of the MK or CK from the start. I then started looking deeper and found I could shift the key in the ITL vise and widen the cuts to stop this.  Also, when I pulled out the plug and looked at the pins at the shear line, the deep pins were rising while the 0 pins were not because they did not have a steep to hit.  I looked about and found the spacing numbers for the Yale G series and the ITL numbers matched.  It is a very tough item to measure on a key, but as best I could, the centres of the cuts did match the factory specification.

I continued to pin but knew I had not found the problem much less the solution.  Some worked fine but some were dragging to turn.  This was heavy pressure drag and yet did not leave me impression marks even when I went to the sunshine. [My shop has poor light for this. We are working on it as it is killing me checking the third driver in on each end of a Yale plug.]  This was enough drag, some clients would think this is not even the right key.

I then realized I had a copy of the Yale spec which I had used in my Professional Locksmith Association of Alberta (PLAA) presentation in October. A quick look at this says the flat should be 0.054 but the ITL setting used its flat #4 which is 0.048. A small amount but looking at the keys which I had cut which were at the MACS limit told me I could move up the flats and not risk anything.  I then went into the manual and defined a new flat width for #9 as 0.056 and recut keys.  After that, all worked fine.

I redid the flat width by setting up flat #9 and using a correction factor to get it to apply to my Yale keys.  Doing this means it disappears every time the machine is reset. I have to reprogram the Yale setting to make this permanent. I am thinking of moving back to 0.054 at that point.  Also, is flat #4 of 0.048 used for other key systems?  I will have to check the factory specifications for Sargent and Corbin and Schlage.

This tells me that the first batch were not riding up on the milling at all.  A few pins were riding up since they were hitting the steeps closest to the shoulder.  I hope dropping the pins by 0.005 will not be a problem if somebody widens the flats to the factory numbers.  I doubt it but 0.006 was the error by ITL in the flat.

If you know of other problems in the ITL manual, let me know. I have worked one for years and found them usually robust but doubt this is the only problem.

Tuesday, November 15, 2011

Pin Usage Frequency in LAB Smart Wedge LSW005

I have taken on the role of setting up a locksmithing operation within a larger company which does many other related building tasks.  As such, I am the local expert on the insides of the locks.  There are many within the hardware specification department who know about lock functions, fire rating and finishes. It is a once in a lifetime chance as I buy tools to do the tasks which are on the horizon without too many errors and sitting on unused stock and tools.

To that end, I have purchased a universal pin kit -- the LAB Smart Wedge LSW005. I like the size, shape and stock of this kit and it has reasonably appropriate tables on the lid for most of my work.  However, when first purchased each cell contains 72 pins and I have started to run thin on some.  I was thinking of doing a pin order based on the locks I will most likely see and wondered what sizes will run dry first.  Being the geek I am, I gave it to a spreadsheet and analysed for Yale GA, WR5, Sargent LA, and Schlage. (I will run into Corbin System 70 in time too but this gets me started and then you have to consider both plug sizes.)

So what sizes won?  Not so fast.
Not all the pins were even used by these four key systems. From 165 thou to 355 thou the 11 sizes were never used once.  Although in the real world, they will get used for other less common brands or to fit a badly cut key to only one lock.

One size was hit 3 times [drum roll] it was 240 thou [cymbal crash].  The following sizes are used by two of the above systems:  170, 180, 210, 220, 260, 270, 275, 295, 310, and 330 thou.

 For those as nerdy as I, here is the table.


And remember, keep your follower on the plug.


Sunday, November 13, 2011

My New Keychain

Having built a garage last year, I finally put up a method to show my collection of 'funky' keys gathered over the last decade or so. It is a length of small link chain held to the ceiling by a pair of shelf brackets. Each key is then hooked by an open paper clip.  This photo shows about half of the first of two planned key chains.

I have copies of all the common high security keys used here in Western Canada as well as some rarely used key types too. Some came from a large institutional client cleaning out lost and found and I have no idea what the key does.  Some were retired from service for one reason or other. And at this point, I do not even know how some came into my hands.

From a quick glance, I see the cheapest of all suitcase keys and dimpled keys to a fire safe.  At the far end is an RSA key.  Guess it is retired now.  The batteries died long before RSA had its breach.




Monday, November 7, 2011

Unknown Assumptions Can Bite

We all make assumptions as we work and we assume those we work with are using the same ones we have.  Face to face, you can verbally check on such things. However, when you have hardware to install, the only way I can know what assumptions the manufacturer is using, is if they are given with the directions.

Allow me to go back a few years.  I was sent to a series of retail stores to add a simple block to modify the electric strike.  The strike allowed the latch to pass out the back so either door could close first.  The day started with 20 of these strange geometric aluminum blocks and a page of addresses.  Upon arrival at the first site, I found one dimension of the block was too big and it had to be cut and ground down.  I did it and thought this will take a while.  I did three that day all the same.  My times were getting better but not great.

This is not the model under discussion, but it shows the open back of the electric strike.


The next morning, we made contact with the head office which had sent these out. They were concerned I had only done 3 on the first day.  However, I was sent to do more.  My second stop on the second day, I had a front door which was 2 1/4 inch (57 mm) built from the standard 1 3/4 inch (44mm) door with a plastic and aluminum liner of 1/2 inch (13 mm).  The part fit perfectly.  You put in two screws and done. 

It was then that I phoned the supplier.  Several things had gotten lost in the communication and to this day I know not where.  They had designed this for the thickened door and believed almost all of the sites had the same door. They also expected me to just report the actual door thickness if wrong so they could send out the different version of the blocks in the right quantity.  All fair enough but none of that got to me -- the only guy seeing the doors in my city.

Brings me back to a more recent install. I am going to be vague since this job is still ongoing.  Perhaps in a year or two I can say more.  I am a journeyman and yet was installing some door hardware I had not done before.  I read the directions and thought I had this under control.  Also, this is fire rated hardware so compliance depends on doing just that. When done, it did not work as required. I pulled it off and modified the instructions to get the function back.  The manufacturer had based the instructions on certain assumptions about the door construction which in hindsight are not required to be true even for fire doors. 

I have installed hardware of many types and usually such assumptions are clearly stated so that if some condition is not met, you change how you proceed.  For instance, if a hollow metal door needs a closer and you suddenly find it is the thinnest possible metal without any support behind, you can run sex nuts through the door.  However, all the big names in closers will state that they assume the door has support for the device.

I guess in summary, I just want people to be clear about the conditions under which a piece of hardware can be used and can not. It saves the guy on the ground time.  And finally, if hardware is hard to install and there are choices in suppliers, ease of installation and repair is part of the decision making criteria. OK, so it is not the final say but I can live with that.



Tuesday, October 25, 2011

Driving While Dangerous

Here in Alberta, there is a new law prohibiting the use of cellular phones while you drive.  It took the province long enough.  It seemed it needed some research.  I had been doing the research for years by observation of myself and others.  I found that when I tried to talk on a cell and drive, I made driving errors.  I had mostly stopped answering while I drove and now with the new employer I am directed not to answer.  Just as well.

I have to be clear, it is not just my errors I could notice.  I would see a vehicle drift over a lane line or just sway within its lane. Other times, you could see the vehicle slow down or fully change a lane without signalling.  Upon getting beside the vehicle, I could see the driver talking or even worse texting.  However, when I am beside a vehicle which I saw failed to stay in its lane, I felt in peril.  If the driver left the lane once it could again.

So I have started to honk my horn as I pass such vehicles thinking if I saw a lack of lane control a few times and now I am about to pass, I must be careful the driver does not move into me.  I honk a series of steady short blasts.  It is designed to 'wake' the driver up and get me more mental attention.

To the guy in the white SUV on Thursday morning on the Yellowhead Trail westbound at about 156 Street, that is why I was honking.  You looked both confused and angry and yet you did not hang up. I will honk again in passing you if I see you breach the lane lines twice before I pass your vehicle.  To the person to whom he was speaking, you bear some responsibility too.  If you hear a series of short horn honks, hang up and call again later.  Is any call worth that much??



Thursday, October 20, 2011

Love Twitter for Quantum Strangeness

[On consideration over time, I have deleted this post.  Twitter is still strange but I need not say it.  Those who wish can open an account and find out first hand.]

Wednesday, October 19, 2011

Compromised Fire Exits on Restaurant

Update on Sunday 28 November 2011:
I revisited this restaurant and saw two significant changes.  The sign over the large refrigerator which had been taped over was removed. A new sign was added above the patio door with the MS bolt over the exit device. The maximum distance from an exit is visually about the same. You decide if it works better now. I have no way of knowing if the MS bolt is locked or not.  The patio gates are still padlocked.  I can only guess the fire department did visit.

 -----------------------------------------

Update on Thursday 20 October 2011:
Occupational Health and Safety replied and tells me at times the health inspectors will forward concerns.  Good to hear. Nothing in the rest of the email suggests he read this blog post or even the original letter.  (It was clear this was forwarded to him internally and it may be others chose to clip it and remove the context needed for a better reply. Granted, the same could have happened for the other two respondents.)

My next adventure is to go back to this restaurant.  I wonder if somebody has found the place by photo alone. That is entirely plausible.

-----------------------------------------

Update on Thursday 13 October 2011:
I wrote an email to our health inspectors and copied same to local fire department and occupational health and safety. The central question was, "Are the Capital Health Inspectors required to notify the Fire Inspectors when an exit has clearly been degraded? OR may they officially do so?"  I quickly was sent a reply from the food inspectors and it was more a non-reply.  They told me the fire department does that inspection.  Left me wondering how closely they had read my note. In the end, they are using their inspection in the narrowest sense and do not pass anything along to the fire department even if obvious and perilous. It was a short and mostly sad letter. (The health department had not copied the fire department on their note to me for some reason.)

The fire department copy was forwarded internally and I was phoned.  I called the contact back and spoke quite freely. Inspections are routine or requested by the public. This speaker tells me they do get referrals from some health inspectors.  He also explained the form for the public to trigger an inspection I had seen on the web site is treated confidentially.  (You have to be known to them but they do not release your name to the site under inspection.  A fully reasonable policy.)

Still, I would like it that a more official channel was there.  A health inspector could just follow the letter of the law and see the cooler is cool enough and the heaters are hot enough.  Customer safety ends with the food equipment and handling. It is only protection of the public in that narrow sense.  Oh well, guess that is how it is.

No word back from OHS but did get a ticket number saying somebody will read it.  Fair enough at this time.

-----------------------------------------

After telling others of this on Twitter, I finally visited a favourite eatery and got the pictures I promised. I have to admit that I have eaten here for a year or two and only noticed how bad the exits were more recently. Since it is Saturday, I can not find if the health inspectors are required to flag such problems to the fire department inspectors who are the AHJ. I sent off an email and will update this posting as information arrives. (Deep in my memory, I am sure I have seen uniformed fire fighters eating here.  I am guessing they did not notice and yet this is all in the public spaces of the operation.)

I am going to start at the front door which has simple push/pull handles under a deadbolt. Well, a double cylinder deadbolt. The door is signed an emergency exit so only constitutes a risk to staff before and after the customers are present. We have all heard it, "We will only lock it when nobody is inside." I did not get a usable photo of this door.

Within the seating area, there is a glass door opening onto a patio.  This door is NOT signed an exit but is highly visible with its panic exit device under an MS deadbolt.  I could not confirm if the deadbolt was locked or not but reasonable to assume locked since it was cool enough the patio was not in use. (There is a sign slightly above this door and it points the way right toward the last photo in this series.)  I could not find a web connection for the sticker on the door so suspect it is a 'dummy' tag.



First, I would like to take a detour to the patio.  People exiting here will be on a fenced patio with one gate with another exit device. Although this is a terrible photo, there is a padlock holding the gate at knee level.  In the event of a fire, a chair would solve the problem on any of the glass panels.  (The padlock is lined up with the curb behind and so is not very visible here.  Strangely, a second padlock was sitting on a rail nearby with no apparent function at all.)



Finally, there is this door.  It is where the overhead sign mentioned above points and it too has an EXIT sign which looks like it has had the bulbs removed and red tape used to cover the word.  The door itself enters one end of the kitchen along an exterior wall.  I can only guess the sign was altered at the same time the big fridge was placed over the door.  Since you can see over the pass thru, you can tell the basic plan of the front of the kitchen and people could still exit via another door and walk past the grills and fryers. However, that door is NOT marked an exit for exactly that reason.

I could not evaluate the final exit from the back of the kitchen but the outside hardware did not make me optimistic either.

So if I may, let me post a completely plausible scenario.  Before opening when only one manager with a key is present, staff overheat a fryer and create an oil fire. This blocks the secondary exit, the patio is not an option and the primary needs a key to open from inside.

I have not named this location since I know problems like this are all too common and solving this case is not solving the problem.

I was once asked during a night club renovation to put barrel bolts at the tops of three out of four exit doors on the front. On behalf of my employer, I explained the problem and declined and the owner was fine with that.  A few days later when my work was done, I saw the owners walking with the fire inspector hours before it was to open.  As I wrote my paperwork and the fire official wrote his on a different table, we were both in clear view of staff from the general contractor putting on the barrel bolts I had declined to install.  The owner got his papers calmly from the inspector and the inspector walked out the only remaining operable door. To make a stink that time would have cost us a client and probably me my job.  Even now, I can not tell from our local fire department web site if complaints are written in confidentially or my name MUST be released to the business as part of the process.  Of course, I will name places if compelled to do so but why not have more eyes knowing the problem and professionally working to solve it.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Saturday, October 8, 2011

Fire Exit vs. Fire Separation Doors

I just posted a comment elsewhere about a question of fire doors.  I find this topic very frustrating since there is a consistent language ambiguity which confuses the issue and hence the public including building operators.

A fire separation door is labelled on the door and frame or at least was when installed.  The label includes a time this wall, frame, door and hardware is designed to hold a fire back on the other side. The testing is more complex but imagine a single sheet of paper taped to one side.  A closed latched door should keep the paper from burning even from just heat for that period of time. And to be honest, by the time the paper does burn a person on the other side of the same door is dead from smoke exposure.

Different doors have different separation values.  Where I live, a 20 minute door is needed from a residential living suite in an apartment block going into the hallways.  The staircase doors must be 45 minutes of separation.  There are also walls and doors rated higher.

The other type of door is a fire exit which is about getting the people out of the building and out alive.  Many doors are both but one which is NOT a fire separation door is that from the building to the exterior.  This door may require an exit device for people to exit but the door and hardware is not fire rated for separation.

Back to the language, I try to call these two types of doors by distinct names.   A 'fire door' means a fire exit in some contexts and a fire separation door in others and can be both at the same time.  I would like people to start calling one group as fire separation doors and the other as fire exit doors. Also, when you say it is a separation door, give the time as rated.*  I firmly think this will move building operators and junior contractors to know the difference.  To repeat, stop saying 'fire door'.

Or perhaps I am crazy.  You tell me.


* I once saw a 20 minute door in a 45 minute frame. Given the location, the 45 made more sense but all I could do was suggest the building operator check on this. I know he would not do so even at the time.


Tuesday, September 27, 2011

Photos and Names ... Please

I was on Twitter the other night and read a posting by a real locksmith who used a 'mug shot' in the profile.   There was a web address too and I just had to follow it.  Not a face to be seen and not a personal name either.  It was 'family owned' but so is every mafia front company.

We all know how this goes.  A company really only exists because of the people within it.  We do the work and the company pays us. Simple really. What sort of company does not name the owners or staff?  Think of it a bit.

One type is where there are so many it is impossible to keep up and where each is so interchangeable with the next it matters little who each person really is.  Or it is just so large it is hard to know where to start.  You know these companies by reputation and you may not get a GREAT product but you know where to find some level of manager.  In this group think of McDonald's or IBM. Such web sites often do not list staff but have locations and detailed phone numbers.

Another type of company has no pride in its service and no interest in you as a customer.  You are as replaceable as the crowd at the midway.  Next week it's a new city and the carny who never cared before is seeing new suckers now.  In the locksmith trade, these are the call centre operations.  You can not find who they are since they have no interest in that.  You can only see one phone number and it is for booking a job only.

And I keep hearing questions on how to fight back.  How do you keep shady operations from undercutting you with poorly trained staff doing shoddy work?  Of course they charge less for less.

Locksmiths fight back by setting up web pages which show you are in this for the long haul.  You give an address and your names.  You show photos of your people.  You show the training of your staff.  I am a Certified Journeyman Locksmith (CJL) in my province. Spill folks.  If you bought a business licence, toss up a scan of it.  Show the ALOA registration card for the last conference.

And stop letting government off the hook.  If they have regulations for business licenses and criminal record check for locksmiths, ask they get some enforcement. Often they will say they wait for consumer complaints. Easy answer but nothing stops governments from protecting the consumer before many get ripped off.

And let's also be real here.  In the end people do business with people -- even if the money sometimes flows from company to company.  When you answer the phone you say your name.  When you pass out a business card, you say your name.  The call centres can never do this since they are not in your city.

So ... are you going to have your name and photo on your web pages or not?  It's your reputation. It's one more chance to differentiate yourself from the rogue elements.


Friday, September 9, 2011

Mapping Computer Security onto Physical Security: Two Factor Authentication

I just heard of the hack of the Twitter account for @nbcnews* from @gcluley in the Naked Security blog.  In the post, he suggests "an additional level of authentication" which is the idea of two factor authentication.  To access the account, you verify two kinds of data at once.  I will not go into how this is done with computers but there are a few ways.  The problem for Twitter -- and the end users -- is that it is slightly more expensive and not as convenient.  The computer security people and locksmiths know that the average 'joe' will torpedo security measures to get convenience.  In work environments, clear articulation of required protocols will lessen such failures for both the computer and physical security.  Without monitoring, however, you will find it hard to discipline for breaches.  Likewise, if you can not show action on small infractions, a firing for a large infraction is hard to support.

In my world, two factor authentication happens for high value targets.  One example would be some storage room with very controlled inventory such as narcotics, weapons, ammunition, explosives or sensitive documents.   The room is only to be opened when two people are present.  We set it up with two locks and each is keyed differently.  The locks are almost without exception high security types with UL 437 rating.  (In other parts of the world other standards come to play. The idea is very tight control on production of additional keys and the cylinders are very resistant to non-destructive bypass methods.)  Typically, a shop would make two keys only and one is put in service and the second is given to a superior who will often receive it with such a tight grip the blood is not getting into the knuckles around that key. 

In use, one key is signed to one staffer and the other key is assigned to another.  Having seen such rooms, they often have alarms for just this space and you just KNOW the two people each have to enter a different code to turn the alarm off.  Where does this fail?  One mode of failure is when the key is easy to copy and one staffer can get the other key.  Another -- and I have seen this -- is when the operation is short staffed and makes the choice to sign both keys to the same person. Another one would be a corrupt locksmith who supplies more keys than declared. As with any security process, there are certainly other modes of failure including some which may have not even been found yet.

Another common dual custody situation is often done in large retail operations where the cash office signs a deposit off to an armoured truck team.  The staff in the cash office will drop the deposit into a chute inside a big safe where the deposit sits unrecoverable in the lower compartment.  When the truck comes, they know one of the lock combinations for the depository but only the store staff know the other.  In this way, the safe with the most money does not get opened unless both are present.
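The failure mode of signing both keys to the same person can be caught from the key sign-out records themselves. The following is an added example, not part of the original post; the log format, room name, staff names and dates are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sign-out log for one dual-custody room with two locks.
# Fields: date, room, lock, action ("issue" or "return"), holder.
# Entries are assumed to be in chronological order.
LOG = [
    ("2011-09-01", "store room", "A", "issue", "staffer_1"),
    ("2011-09-01", "store room", "B", "issue", "staffer_2"),
    ("2011-09-05", "store room", "B", "return", "staffer_2"),
    ("2011-09-05", "store room", "B", "issue", "staffer_1"),   # short staffed
    ("2011-09-08", "store room", "B", "return", "staffer_1"),
    ("2011-09-08", "store room", "B", "issue", "staffer_3"),
]

# Which locks must all be opened to enter each room.
ROOM_LOCKS = {"store room": {"A", "B"}}


def solo_access_events(log, room_locks):
    """Replay the log and report each moment one holder gains keys to every
    lock on a room, which voids the two-person rule for that room."""
    # (room, holder) -> lock -> number of keys currently signed out
    held = defaultdict(lambda: defaultdict(int))
    findings = []
    for date, room, lock, action, holder in log:
        if room not in room_locks or lock not in room_locks[room]:
            raise ValueError("unknown room/lock in log: %r / %r" % (room, lock))
        keys = held[(room, holder)]
        was_solo = all(keys[l] > 0 for l in room_locks[room])
        if action == "issue":
            keys[lock] += 1
        elif action == "return":
            if keys[lock] == 0:
                raise ValueError("%s returned a key never issued: %s/%s"
                                 % (holder, room, lock))
            keys[lock] -= 1
        else:
            raise ValueError("unknown action: %r" % action)
        now_solo = all(keys[l] > 0 for l in room_locks[room])
        if now_solo and not was_solo:
            findings.append((date, room, holder))
    return findings


if __name__ == "__main__":
    for date, room, holder in solo_access_events(LOG, ROOM_LOCKS):
        print("%s: %s can open '%s' alone" % (date, holder, room))
```

A check like this only sees keys that were recorded; a copied key or keys supplied beyond the declared count never appear in the log.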

All for now, but I have been thinking of mapping the issues of computer security faults into the real world of keys and locks for a while now.  Consider this chapter one.

* Since this account has been compromised, it makes little sense to link to it.


Thursday, September 8, 2011

The Triangle of Security - Convenience - Cost


In dealing with clients, you often have to remind them that some goals to some degree are in conflict for a project or even just one door.  In a past post, I spoke of how secure a lock is based on 3-T's of Time, Tools, and Training.  For the most difficult safe containers you need all three to even hope to open it.  With doors,  you can make a few concessions in your training or tools but only if you take more time.  It is a balance but eventually when you compromise on all three, you really can not open a locked door with anything more than a 'police pick' -- kick it in.

The work of hardware has a similar triangle. I can get better security from an ordinary door by using a mortice block instead of a cylindrical lockset.  However, it is at higher cost for both the lock and the door. You also get more convenience with the mortice block as more functions are possible and the lock cylinder can be quickly changed out.

Clients want convenience to get into rooms or out.  The out direction is often defined by fire exit codes. When a door has to plausibly serve 100s of people fast, the opening must have exit hardware.  That is more expensive than door knobs and always will be.  For entrances where you need to allow the frail or handicapped, lever sets are needed over knobs, but again those have a higher price point. For the ultimate in easy access, install an auto-operator.  One simply pushes a button and the door opens.  Convenience costs money.

A good example of a secure door with ease of access is an electrified exit device with a high security cylinder in the outside trim. Everybody enters using an RFID fob and PIN number and then the door pulls open.  It is under camera and I am guessing when you scan your fob, the camera image is tossed up beside the photo of the person associated with that fob to some guard desk. It would be consistent with the place. The key was given very limited availability and I am certain would trigger a forced-entry alarm if used as it would be opening the door without an audit trail getting a name. (For doors on access control which have this set up, the alarm system can not tell the authorized key holder is opening the door from somebody just breaking in with a wrecking bar.)

Now I can get you low cost too.  On some back exit from an office block where it goes outside, you can supply grade 2 panics which are not fire rated.  The parts look thin and you know they would pry open easier than the best grade one devices.  There is one model with a terrible way to hold its rim cylinder in the outside trim.  A big screwdriver could rip that cylinder out. Where the best models will hold onto the door with up to 6 bolts, some of these will use 2.  You get the point.  However, the client wants a low price and as long as you explain the limits of the hardware you are providing, it is fine in my books.

Really, the summary of all this boils down to "You can have it all, but not all at once" or "You get what you pay for".




Wednesday, September 7, 2011

Artificial Code Restrictions on Safe Locks



If you service digital locks at all, you will learn how some people select their codes. The convenience for the end user to set a combination also means they sometimes choose poorly. The most common group 2 locks accept a six digit code and so have one million theoretical codes.  Some are in use as instructions or factory codes and you really should also toss out stuff like 111111 and 999999.  This means there are fewer than one million but it is very close.

The process used to get a new code is often done with some method to help memory but it has the problem of significantly restricting the available codes which are selected from at any time.  This is less of a vulnerability during a midnight break in where the intruder knows nothing of the safe except that it has to be in here somewhere.  However, the greater risk is from unauthorized staff or former staff who may have seen somebody open the container or know the system used to get a code.  I once heard a manager tell another the safe code is always a six letter word spelled out and it was said with unauthorized staff in the room.  (The risk here is lessened by this being a locked office to which only the managers have keys and the place runs 24/7.  However, why was it lessened at all.)

With that, I am going to explore the mathematics of how some of these methods of code restriction affect how many codes you are really choosing from when you could be selecting from a pool of almost one million.  I have built these around the LaGard 33E keypad (seen above) which is very common in the North American trade.  There are other keypads and while the shape differs the fundamental problem persists. I will show and discuss these below.


Doing Some Lines of Code

One of the common methods is to choose a pair of straight lines to get the six digits needed.  You can write out all the common 3 number blocks on the face of the above keypad and to get more codes I have even given the three number crooked lines.

Simple Lines
123 & 321
456 & 654
789 & 987
147 & 741
258 & 852
369 & 963
580 & 085

159 & 951
357 & 753

Humps and Valleys
426 & 624
759 & 957
153 & 351
486 & 684
709 & 907

Arrow Points
157 & 751
268 & 862
248 & 842
359 & 953
426 & 624
759 & 957
153 & 351
486 & 684
709 & 907

Assuming the end user gets no fancier than this, you have exactly 46 sets of three number blocks. Since a code would be any triplet followed by another, the number of possible codes from this system is 46 x 46 or 2116 codes.

So let's be clear.  You have thrown away over 99% of the possible codes to make it easy to remember.  It does not seem a good price to pay for the memory advantage.


Six Letter Words

End users will use a six letter word to make a code. Doing this, 'lemony' gets you '536760' on the LaGard keypad above.  In any such list, there are words which many users would know like 'mammal' and words few would know like 'meloid'.[1]  If you are looking for a simple way to learn the code, the codes from common words would still be more common than chance.

I could find no definitive source, but this page claims to show the six letter words in English.
http://clubefl.gr/games/wordox/6.html
It does not give a count.  I printed it in small type and counted a few lines and counted the lines to get this at about 15 000 items.  This roughly agrees with other sources I found.

There are two ways you can get more choices for code.  You can use a phrase of shorter words to get to six letters such as "big egg".  Also, shorter nouns can be pluralized or verbs moved to another tense to get to the needed 6 letters.  On the other end, it is possible some of these words convert into the same 6 digit number since some keys have three letters which all give the same digit.  I can think of no way to research how many codes this would get but it could be roughly double the number of 6 letter words.  So let's assume we get to 30 000 codes.  The lock allows just shy of a million codes and this system leaves about 97% of the possible codes unused.  I would say not a good choice either.
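The arithmetic from "Doing Some Lines of Code" and "Six Letter Words", worked in Python as an added example (not code from the original post). It counts the triplet lists both as printed (46 entries, the figure used above) and with repeated entries collapsed, checks whether a proposed code is built from those shapes, and shows several words landing on one code; the letter layout is an assumption chosen only to agree with the 'lemony' example, and the word list is a constructed sample.

```python
import math

KEYSPACE = 10 ** 6  # six-digit codes 000000-999999, before any exclusions

# Three-key shapes as printed on this page (forward direction only; the
# "& reverse" partner of each is generated by with_reverses()).
SIMPLE_LINES = ["123", "456", "789", "147", "258", "369", "580", "159", "357"]
HUMPS_VALLEYS = ["426", "759", "153", "486", "709"]
ARROW_POINTS = ["157", "268", "248", "359", "426", "759", "153", "486", "709"]

# ASSUMPTION: a letter layout chosen to agree with the page's one worked
# example ('lemony' -> '536760'). Check it against the keypad being audited.
ASSUMED_LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl", "6": "mn",
                   "7": "opq", "8": "rst", "9": "uvw", "0": "xyz"}
LETTER_TO_DIGIT = {ch: d for d, chars in ASSUMED_LETTERS.items() for ch in chars}

# Constructed sample of six-letter words and one six-letter phrase.
SAMPLE_WORDS = ["lemony", "mammal", "meloid", "big egg", "banner", "canner",
                "sender", "tender", "render"]


def with_reverses(shapes):
    """Expand each listed shape into the shape and its reverse."""
    out = []
    for s in shapes:
        out.extend([s, s[::-1]])
    return out


ALL_TRIPLETS = set(with_reverses(SIMPLE_LINES + HUMPS_VALLEYS + ARROW_POINTS))


def triplet_counts():
    """Return (entries as printed, distinct triplets) over all three lists."""
    listed = with_reverses(SIMPLE_LINES + HUMPS_VALLEYS + ARROW_POINTS)
    return len(listed), len(set(listed))


def pair_code_count(n_triplets):
    """Codes of the form triplet + triplet; each pair gives a unique code."""
    return n_triplets ** 2


def built_from_listed_shapes(code):
    """True if a proposed six-digit code is two of the listed shapes."""
    if len(code) != 6 or not code.isdigit():
        raise ValueError("need a six-digit code: %r" % code)
    return code[:3] in ALL_TRIPLETS and code[3:] in ALL_TRIPLETS


def encode(text):
    """Map a six-letter word or phrase to digits; spaces are ignored."""
    letters = [c for c in text.lower() if not c.isspace()]
    if len(letters) != 6 or any(c not in LETTER_TO_DIGIT for c in letters):
        raise ValueError("need exactly six letters a-z: %r" % text)
    return "".join(LETTER_TO_DIGIT[c] for c in letters)


def codes_by_word(words):
    """Group words by the code they produce, exposing shared codes."""
    groups = {}
    for w in words:
        groups.setdefault(encode(w), []).append(w)
    return groups


def unused_fraction(n_codes, keyspace=KEYSPACE):
    """Share of the keyspace a selection method never uses."""
    return 1 - n_codes / keyspace


def bits(n_codes):
    """Size of a code pool expressed in bits."""
    return math.log2(n_codes)


if __name__ == "__main__":
    listed, distinct = triplet_counts()
    for label, n in (("as printed", listed), ("distinct", distinct)):
        codes = pair_code_count(n)
        print("%-10s %2d triplets -> %4d codes, %.4f%% unused, %.1f bits"
              % (label, n, codes, 100 * unused_fraction(codes), bits(codes)))
    print("full keyspace: %.1f bits" % bits(KEYSPACE))
    for code, words in codes_by_word(SAMPLE_WORDS).items():
        print(code, words)
```

With the lists as printed, the last five Arrow Points pairs repeat the Humps and Valleys pairs, so the distinct count is 36 triplets and 1296 codes.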


Other Key Pads

You can see from these other pads two types of variations.  If they arrange the numbers in a different pattern, the method of getting lines of numbers changes slightly. As such the number of lines changes slightly but the basic problem exists.  Also, sometimes the mapping of letters onto the number keys is different so the same word will generate a different code. [2]  Still, English has the same number of words and six letter phrases so that problem is the same.

However, some of these allow for codes longer than six digits or even allow codes of various lengths at the same time by different users.  While this changes the numbers, the ratios become even worse, not better.  You are still tossing out more codes than you are keeping to do either method above.

Sargent and Greenleaf. Like our example but the letters are under different numbers.  It does not always take a 6 digit code.

AMSEC keypad.  Another common brand.  Notice no letters.
LaGard Basic Keypad.  The numbers are in a different shape so the top line could give 123 and then 234 while the verticals could give 269 and 370.  Still limiting.

Found on the net.  No more detail than that.  It just looks fun.
A gun safe.  No letters to guide you. Has a key over-ride so if you do forget the code, you can still open it.
A common hotel safe.  Only takes 4 digits so only has 1000 codes. More secure in that you do not store anything in it for a long time which limits the time for a person to hack or learn your code.  Typically, upper management of the hotel can over-ride this lock and also open this safe.

Some Methods to Choose Better Codes

Well, almost anything is better than those above.  If a method tosses out 10% of the possible codes, it is probably workable.  Here are three I like and since you do not know which I am using when, good luck working backward.

The phone book gives lots of numbers.  Go to some page which you can remember such as page 39 -- my age, honest.  Choose the last two digits of the first three numbers in some column.  My code would then be 55-57-28.  I would have to remember which phone book, which column, my system and my age.  (I have also chosen the last digit of the last six phone numbers on the page.  My code would now be 769850.)

A little old book of math tables.  You find these in old book stores often for a dollar.  They have pages and pages of numbers of things like the cubic roots of all the numbers from one to 100.  Go to some page which means as much as a tax table to you and find any six digits in a row.  Next time choose another page and point to pick your 6 numbers.

Nice little book from 1918.  It was the 'calculator' of its day along with a slide rule.

Carry a few pages of numbers from Random Org (http://www.random.org/integers/) and when you want a code just pick 6 numbers.  You could toss this out from time to time and get a new one. (Do not circle or mark the numbers you choose.  If somebody finds the pages, it is giving away too much information.)  Or, if the screen is right there, just pull up the page and use it once.

There are also many other systems to find collections of mixed up numbers and if you go to a different source each time, then your safe code will not fall into a pattern.  My goal was just to dissuade you from using two systems to get a safe code which clearly lack the random nature needed to give you the security you paid for in this safe with this kind of lock.
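A software counterpart to the sources above, as an added example that is not part of the original post: draw the six digits from the operating system's random generator, redraw anything on a short exclusion list, and measure how much of the code space the exclusions cost against the 10% rule of thumb. The reserved code shown is a constructed placeholder, not a real factory or instruction code.

```python
import secrets

DIGITS = 6

# Constructed placeholder standing in for instruction or factory codes,
# which the post mentions but does not list.
RESERVED_PLACEHOLDER = frozenset({"314159"})


def is_single_digit_repeat(code):
    """True for codes like 111111 and 999999, which the post says to toss out."""
    return len(set(code)) == 1


def pick_code(reserved=frozenset(), rng=secrets.SystemRandom()):
    """Draw uniformly from all six-digit codes, redrawing excluded ones.

    Redrawing (rather than adjusting a bad draw) keeps every remaining code
    equally likely, and zero padding keeps codes such as 004217 available.
    """
    while True:
        code = "%0*d" % (DIGITS, rng.randrange(10 ** DIGITS))
        if code in reserved or is_single_digit_repeat(code):
            continue
        return code


def rejected_fraction(reserved=frozenset()):
    """Share of the code space removed by the exclusions."""
    repeats = {str(d) * DIGITS for d in range(10)}
    return len(repeats | set(reserved)) / 10 ** DIGITS


if __name__ == "__main__":
    cost = rejected_fraction(RESERVED_PLACEHOLDER)
    print("exclusions remove %.4f%% of the code space" % (100 * cost))
    # Shown once on screen and not stored anywhere by this script.
    print("new code:", pick_code(RESERVED_PLACEHOLDER))
```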

------------------------

[1] I do not know this word.  I hope I did not just swear!  (Well, just looked up and it is a group of beetles.  So relieved.)

[2] You might have noticed that telephones arrange the keypad with 1 on the upper left but computers put it on the lower left.  I went looking for the reason historically, but closest I found was this from How Stuff Works: http://www.howstuffworks.com/question641.htm


Friday, September 2, 2011

A Security Audit OF a Locksmith, Round One

Commercial locksmiths love when a bank or some other institution has a security audit since it often gets the shop work.  You get work right after the audit and sometimes in the week just before the next audit.  I also know the auditors find all kinds of accounting and personnel procedures to change as well but that does not get us work.  In all this, I was wondering if anybody with serious security concerns was looking a bit deeper.  With that in mind, I have written a series of questions to audit the locksmith since the security of the end user is partly dependent on the diligence of the locksmith shop.  There are occasional robberies of shops after all.

I am not making any comment on any of the shops I know.  Also, I am trying to strive for best practice at all times.  However, answers need to be realistic in the real world we all work in.  I have chosen to toss out the questions first and invite anybody to add others for later revisions.  After the questions, I will give my thoughts on what is best practice for each item.  I fully expect 'not applicable' will be the correct reply for some shops to many of the questions.

Yikes, did I ever open a bucket of worms.  I keep finding questions about areas of vulnerability.  I am tossing these out now hoping I get some ideas of other questions to ask.  I still have a page of questions on staffing I have not typed.

--------------------------------------

Physical Security

(This set of questions should be answered for each building used by the locksmith where it has multiple locations.)

Does the shop have high security locks on all exterior doors?  Do all exterior doors have deadbolts with 1 inch or 2.5 cm of throw? Are astragals or blockers in place if appropriate? Do cylinders have taper rings to limit extraction? Are all doors code compliant as emergency exits?

Are the exterior doors of good enough construction to resist some physical attack?

Would broken glass in the door or sidelight be an effective way to open any door?  Are all such glass surfaces coated in security films?  Does breaking glass trigger an alarm?

Are records kept in an interior locked room also with a high security key?  After hours, would an alarm condition exist before an intruder reaches this room?

Does the alarm system have contacts on all doors and openable windows?  Does it have motion sensors to cover all interior space?  Is the alarm monitored?  Does the alarm have battery and cell phone backup?  Is the cell phone back-up guarded against a fast disable?

Does the shop have interior space monitored by cameras?  Do the cameras have IR ability?  Where does the signal feed?  Backup?  Offsite backup?  How long are the files or video tapes kept?  Are the records secured from tampering?

Are any exterior walls vulnerable to a mining attack from outside or an adjacent building? Are all places directly inside under a motion sensor?  How far could an intruder move before tripping a double hit on the alarm?


Record Keeping

Are files with master and restricted keying records kept locked in a cabinet or safe when the business is closed?  Give the rating of this cabinet or safe.

During business hours, are they also secured from non-cleared staff? 

Is there any leakage of key codes or other sensitive security information into the accounting stream?

Are ready-to-use keys kept in the files associated with the building they operate? 

Is any kind of encoding used on key records sent with staff outside the building?  Are keys tagged with the function and location?

How long are dormant files kept after the last work done in a location?  Is the building or operation notified of their destruction?

Who owns the keying record of the building and how do you make this clear to the end user who buys a master key system?  Is the end user given a choice??


Staffing
(Whole page of questions pending.)


Procedures

Are old master keys decoded before planning new systems?  Is this done in a way you can reasonably know all the old keys are retired?

Are all keys shipped to the end user with standard codes?  Could they be shipped without code if asked or fully blind codes??

Do you keep off-site records of all the key system files you have on record?

What computer systems exist connected to the internet?  If a trojan was ever installed what kinds of data could leak?
___ keying charts  ___ client names ___ financials  __ emails  ___ quotes
___ others, specify __________________________________

Of computers not connected to the internet, are they systematically backed up?  Are the systems checked for viruses from sources like CDs and USB sticks?  Is data stored overnight as encrypted files?  Good encryption??

Are all laptops in use at the site equipped with recovery software?  Do they encrypt key data?  Will it erase if a brute force attack is tried?

Are all passwords strong on all critical systems?  No really … how strong are they?   Are they written on paper but only in a safe?



Get back to me with more good questions you think would help this topic along.


Thursday, August 25, 2011

Some Cruise Ship Doors and Hardware

I took a cruise in the winter.  Always good to escape my climate in February!  Since I had not been on a big ship before, I spent an afternoon photographing the hardware as seen in the public spaces.  I was even lucky enough to speak with the ship's locksmith for a short time.  [I am deliberately not saying the name of the ship and should you recognize it, I ask you not to say the name in the comments.]


At various places to provide noise or wind separation, were sets of push/pull doors like this with the most amazing glass knobs on both sides.  These did not latch so had no fire rating but created a weather vestibule on the other side along with the door below.



The outer door was the primary weather seal.  These were immense wood door pairs with double seals along the inside as you see.  The hinges were already showing the signs of rust and this ship was only a few years old.  Since I have not lived on the sea, I was shocked how fast the salt would start corrosion. 


The closing hardware on this door is shown.  European profile with an oval cylinder.  I have had these apart a FEW times.  At first I was surprised by the lock function as it seemed it would only need to be passage.  Why would you want to lock people out on the deck?  I was told it was for emergencies if the ship needs to isolate a deck or section to keep guests out.  



This is an interior fire isolation door sitting in a wall recess.  I spoke after my photo tour to another passenger who had never noticed these doors, and pairs of them were in about 8 locations on every public deck.  I was not surprised as the general public really does not see life safety hardware.   These doors were in pairs and this is the active leaf so it must close last and open first.  The inactive leaf is out of frame to the right and it has automatic flush bolts once closed and it controls an overhead coordinator which is just removed from the ceiling.  I never measured but the hall was 8 feet high or a bit more.  The ship was finished in Europe so might be better to guess at 250 cm. (I photographed the fire rating label.  Or what I thought was the fire rating.  Lacking Italian, I cannot be sure, and it was not clear a time was given on it as near as I could tell.)

This square at the bottom corner puzzled me for days.  A slight push with my toe and it would hinge back until hitting the wall of the recess.  I finally found a staff member to ask and it is for a fire fighting hose.  As soon as I was told that it was obvious.  Similar to prisons, you can not really evacuate the whole structure. Fires have to be fought from adjoining sections and containment is needed to stop the spread.














Well, all for now.  I am trying a new editor on Blogger and formatting of pictures is not happening smoothly and yet the text is doing better.  This post looks good to me, but if it does not to you, feel free to toss me a message with perhaps a screen shot.  Thanks.


Monday, August 22, 2011

Talking to a Client Getting Access Control

I have dealt with a few clients who were getting access control and realized they did not always know the questions to ask.  Usually, I am speaking when the access control contractor is not present to answer these questions.  I thought I might comment from my point of view.  I have seen these give problems since the access control is already going in but after a bit of talk it is not clear the end user knows of the lock issues.   (Modern systems use prox or proximity readers often embedded in cards.  There are several types of credentials, but I will just call them all cards.)

Several examples of many I could find:




















Do you still have a key operated way to walk from the outside of the building to the power supplies and the controllers?

If the power goes out and you cannot get into the building, you cannot check the system's function or its real security.  Also, the computer which checks the credentials may shut down in a power failure or for 1000 other reasons.  In the end a few people should be able to access physical keys to get to this critical infrastructure.  Often, people think this means carrying that key all the time.  Not necessarily.  I can think of one building operator who carries a key for the exterior and the office. Once in there, further keys are available.  (Advice to everybody: If you need a key once a year, store it where you have access at that time.)

Who has the keys to bypass the card reader doors?
Access control systems have two great advantages. First is that only those with a valid card can go through a door. Second, you have a record of who opened the door and when, and just as importantly when a card was denied.  This second part is called an audit trail and if you ever hope to use it in a legal process it has to be as solid and complete as you can make it.

Getting a valid audit trail then involves changing the keying on every door used in the access control system if anybody who now has a card formerly had a key.  (The exception would be if it is truly a high security keying system and you can account for every key.  In this case, high security means the locks and keys are UL 437 standard rated.)  This generates only a very simple keying system for these doors since daily operation is not using the key so many can be keyed alike.  A separate master key may exist to open the path to the power and control units.  Typically after implementation of access control, a large building would have less than 10 of any of these keys.

Are you also getting cameras on critical doors?
Many organizations move to access control since they have so many staff.  Any large staff has some level of turn-over and it is cost effective to be able to disable one card at a time without affecting any other staff member. Also, you do not need to collect the key to 'kill' it.   However, most of these staff arrive at once and so many coworkers will open a door and hold for the next person.  It is polite, but may not be appropriate for your needs and a camera can show that happening.

Also, if you ever take legal action, the record shows only that the card opened the door.  It is often helpful to be able to say who was holding the card at the moment it was used.   A camera on key points of entry can solve many of those questions.  (There are high security systems which enforce carding in and out rigorously.  Key points are then monitored by armed staff.)

This can also help with contractors like perhaps the photocopy technician.  You have to set up a few visitor cards with some limited access and a paper sign out process.  If a card goes missing, it can be deactivated.  A camera will tell you when that person left and if anything was moved out at the same time.  I have seen a case where my visitor card ended up opening EVERYTHING.  In the case I am thinking of, I did not need to get into the cash office and if I had to be there should have been under escort.  So the escort would open the door.

Does key use generate a 'force entry alarm'?
If you want a full audit trail, everybody needs to be uniquely identified when they enter a door.  Since you must have key holders for emergencies, they should have a card also and use it.  When a key is used to open the door, it should register as an unusual event in the audit logs. From the wiring point of view, this is exactly the same as somebody prying the door open so it goes into the log as a 'forced entry' in most systems.  A door needs an inside motion sensor to make this work so it has a way to tell if somebody is leaving.
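
Here is the forced entry logic described above as an added example. It is not part of the original post and not any vendor's code; the event names, the log layout and the 10 second window are assumptions, and the log lines are constructed.

```python
# Added example: classify door openings from a controller event log.
# Event names, field order and the 10 s window are assumptions for illustration.
WINDOW = 10  # seconds a card grant or inside-motion trigger stays valid

# Constructed sample log: (seconds, door, event, card)
SAMPLE_LOG = [
    (100, "east", "CARD_GRANTED", "C-017"),
    (102, "east", "DOOR_OPENED", None),    # normal carded entry
    (300, "east", "REX_MOTION", None),     # inside motion sensor trips
    (301, "east", "DOOR_OPENED", None),    # somebody leaving
    (500, "east", "DOOR_OPENED", None),    # key or pry bar: no card, no motion
    (700, "east", "CARD_DENIED", "C-044"),
    (703, "east", "DOOR_OPENED", None),    # opened anyway after a denial
    (800, "west", "CARD_GRANTED", "C-017"),
    (830, "west", "DOOR_OPENED", None),    # grant long expired
]


def classify_openings(events, window=WINDOW):
    """Label each DOOR_OPENED as 'card', 'exit' or 'forced'."""
    last_grant = {}    # door -> (time, card) of the unused grant
    last_motion = {}   # door -> time of the unused inside-motion trigger
    results = []
    for ts, door, kind, card in sorted(events, key=lambda e: e[0]):
        if kind == "CARD_GRANTED":
            last_grant[door] = (ts, card)
        elif kind == "REX_MOTION":
            last_motion[door] = ts
        elif kind == "DOOR_OPENED":
            # Each grant or motion trigger explains one opening only.
            grant = last_grant.pop(door, None)
            motion = last_motion.pop(door, None)
            if grant is not None and ts - grant[0] <= window:
                results.append((ts, door, "card", grant[1]))
            elif motion is not None and ts - motion <= window:
                results.append((ts, door, "exit", None))
            else:
                # Nothing explains the opening: key use and prying look alike.
                results.append((ts, door, "forced", None))
    return results


def forced_entries(events, window=WINDOW):
    """Return (time, door) for every opening logged as forced."""
    return [(ts, door) for ts, door, label, _ in classify_openings(events, window)
            if label == "forced"]


if __name__ == "__main__":
    for row in classify_openings(SAMPLE_LOG):
        print(row)
    # Same log with the inside motion sensor removed: exits now read as forced.
    no_sensor = [e for e in SAMPLE_LOG if e[2] != "REX_MOTION"]
    print(forced_entries(no_sensor))
```

Dropping the motion sensor events from the same log turns the ordinary exit at 301 into a forced entry, which is why the door needs that sensor before the alarm means anything.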

Are blocking plates planned for every cylindrical lock set into an electric strike?
This is a cylindrical lock since it fits into a round hole in the door.  You can see the deadlatch at the end sitting beside the main latch.












There is a systemic problem with the deadlatch of a cylindrical lock falling into the keeper of an electric strike.  The installer can fine tune the spacing and get it right.  It NEVER lasts.  Well, maybe it does sometimes but I have seen it fail too often from simple door shift.  Once this happens, two problems occur.  The first is the extra pressure on the keeper acts as load on the strike and it fails to release on request.  (In the short term, pushing or pulling the door into the frame will take the load off and let you in.)  The second happens on outswing doors.  The dead latch is now out and any little screwdriver or knife or fingernail file can walk the main latch back and open the door.  Once you see scrapes on the latch, you know it is already happening.  Most doors will take off the shelf blockers which install quickly to stop this and then you can adjust the keeper to always let the full latch fall in.

Who controls the computers?
Access control moves building security partly away from building operations and over to the IT department.  Even if the hardware people assign and track the cards and can read the audit trail, the computers this lives on get maintained and secured by IT.  Given this, it means the server to do this job should be physically isolated like a cabinet which holds master keys. Check that it is. What it takes to secure a computer in these days is beyond me. However, my reading suggests vigilance is vital -- as it is with all security concerns.

---

Since access control is a bit beyond my scope, I will stop asking questions now.  If you are the client, you should not do the same.  Every question you ask may solve some security hole you have not seen yet.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Friday, August 5, 2011

Worn Keys and Copies of Worn Keys

To work in a shop, is to have people walk in with a very worn key to their house or car. It still works but they want a copy. With one look, I know it is not that simple. Sometimes I know a copy of the key will work fine and sometimes I do not know that.

Let's start with what I like to see. For most keys, you should see small flat areas on the key and these are where the pins or wafers are to rest on. Between each flat is some kind of ramp or peak to allow for the key to insert and withdraw. The steep parts should be even and smooth. This is a well cut house key.



You can see the 5 flat areas and the peaks between have very clear starts and stops with nice 45 degree angle slopes. If you look down at the cuts, you should see smooth cut surfaces. This photo shows the lines the cutting wheel made going up a steep. You should not see these, or see them only very lightly. The key on the left is worse in that the lines are more visible and deeper. This makes your key into a small file which grinds the bottom of the pins every time you use it. Cut marks are visible if one or more of several things happen:
-- the cutting wheel was dull, or
-- the carriage was moving horizontally too fast, or
-- the cutting wheel is dull.



This is a worn key which has had time for any cut marks to be worn down. Even as a pro, I can not tell where one cut starts and the next begins. It may work fine. It may work good. Often you ask the client if it works and they will say 'yes'. The problem is it works for that person since it has worn out with use. The person has learned the sweet spot to hold the key or puts up with a bit of jiggle to get it to turn. I can feel the same lock and know the fit is just not right but the worn key does work ... if you wanna call it that.



However, if you duplicate this key, the copy may work or it could be worse. Basic key duplication is like a photocopy machine for a page of text. The machine can be better or worse but if you serially copy the copies enough, the errors build up. I can tell the key above is NOT a factory original since it is not on a Nissan blank. (Given the age of this lock series, the car is a Datsun and the original key would say that in word or logo.)

However, in the trade you do much like the hardware stores and usually just cut the copy and give a warranty that should it not work, the customer can bring it back. Unlike the hardware stores, I often know the most likely key copies to have problems and I have alternate methods to solve the problem should the client return.

A comment on key machines. The machines I see in hardware stores are semi-automatics worth $800 to $1000 but sometimes less. They can be re-calibrated if they are not cutting correctly but the staff lack the tools or skills to do that. A good lock shop will spend $1500 or more on the duplicator and since we know we have to cut keys for high precision locks we keep the machine checked for calibration. (Some locks demand highly faithful copies and the hardware stores do not even stock the blanks for them. Why should they since I doubt they would usually get a key precise enough to work?) Calibration requires tools and time and using up a few key blanks.

Don't worry too much. If your house key says WR5, WR3, KW1 or KW10, a cheap duplicator will work fine. The machining inside the lock will forgive all kinds of mistakes in cutting copies of your key. The sloppy workmanship making the lock also keeps the cost down and makes it so I can pick the lock easy should you be locked out. Have a nice day.

Tuesday, June 21, 2011

Revisiting the Security Maxims

From "Security Maxims" by Roger G. Johnston
http://www.ne.anl.gov/capabilities/vat/seals/maxims.html

There is always material to mine here by comparing these broad general statements to my work in physical security, so I started reading through them again and found this:

Low-Tech Maxim: Low-tech attacks work (even against high-tech devices and systems).
Comment: So don’t get too worked up about high-tech attacks.


Indeed they do. You can put a high security deadbolt with a high security key on a door and if the bad guy can kick the whole door in or pry it open with a big screwdriver, they are just as 'in' as if they had the key. Seen it.

This also applies to picking attacks on houses. It seems there are few since most houses here in Canada can be breached with a big boot. Why invest in subtle when blunt is faster and more reliable? The criminal implications are the same either way.

Oh, here is a different example. I was doing work in a mall kiosk and one of the staff complained his Audi was broken into so they could get at his iPod and its charging cable. Really? He left them visible? No, he had them in the glove box and only the male end of the cable could be seen. They broke a window and it cost him more for the window than the iPod. Remember folks, all car windows break about the same.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Monday, June 20, 2011

"My Key Has Lost Its House."

It is amazing what you find when you scour the net for interesting 'stuff'. I stumbled on this poem and thought it worth a share.

From the 2004 book
"After Every War: Twentieth-Century Women Poets"

Translations from the German by Eavan Boland
Original text by Rose Ausländer entitled Mein Schlüssel

----------------

My Key

My key
has lost its house.

I go from house to house
but none fits.

I have found
the locksmith.

My key fits
into his grave.



--- --- --- --- ---

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Sunday, June 19, 2011

That's how it works! Inside a door lock.


On another site, I found this excellent animation to show how the inside of a pin tumbler works. Have a look! You can see at the start the pins cross the shear line and so the plug could not turn. When the key is fully inserted, the line separating the bottom pins from the drivers is flat with the top of the plug and so the key can now turn the plug. The rotation step is not shown here.

I found I had to open a tumblr.com account to post the image there as an animated GIF and link to it. I sent thanks to the GIF creator and you may follow the watermark to that blog if you wish but be warned, it is NSFW and has significant adult content.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/