Even more surprising thing is that you'd need some leak to pick this tiny lock. ...

munchbunny · on Sept 10, 2015

For most TSA approved locks (the 3-digit combination locks) you can pick the rotating wheels to deduce the combo much more reliably than picking the keyhole, and you leave no trace.

I guess what I'm saying is that most TSA approved locks were already quite vulnerable to anybody who really wanted to pick them with or without a 3D printer.

rjaco31 · on Sept 10, 2015

Well AFAIK, each lock is unique, and while it's easy to pick each individual lock, it's harder to guess or derive from a few of those locks the master key that'll actually open them all.

pfooti · on Sept 10, 2015

That's generally not true. For example: you could buy a few copies of the same lock and take them apart. Unless there's something Really Funky going on, you can use the master oracle method as well (start with your working key, and change one pin at a time to derive the master key, as most locks with a master can be opened with all the pins set to the normal key and any one pin set to the master keying.

I'd say what this "leak" really did was (a) show the world that real security is hard to think about, and (b) make it easier for normal folks who don't know about how locks work to impress their friends with their ninja secret agent tools.

Really, this is all just a parable for the big fight over encryption. Do you really want to trust a government agency with any kind of control over how we lock down our stuff? Newp, nope, and noooope.

munchbunny · on Sept 10, 2015

The real problem with these locks isn't the key, to be honest. The vast majority of TSA approved locks use a three digit combo, and I've yet to find a three digit combo lock that doesn't have a glaring weakness that lets you deduce the correct combo with a sheet of printer paper and sensitive fingers.

There's a small number of TSA approved locks that don't use the three digit combo. Those are a bit tougher to crack.