Re: Master Lock random key code generation/distribution Fails

[Hon1nbo <hon1nbo.list () gmail com>]

This still reduces the overall key space to only a handful in a given
year, over a large area covered by distribution centers, compared to the
full key space of any pin tumbler lock.

Rather than carrying around thousands og possible keys, only around 52
assuming a new stock every week for a particular lock. If the store
orders a larger batch and every two weeks, then 26 keys.

-Hon1nbo

On 3/26/2014 4:38 PM, Daniel Miller wrote:
> On 03/26/2014 02:17 PM, Jimb0 Hon1nbo wrote:
> > First this is not a physical finding in the normal sense, but a finding
> > that Master Lock does not properly generate key codes differing in each
> > batch, or that they do not randomize distribution of said key codes.
> >
> > After visiting a home depot, I found the following problem: among every
> > model of padlock with a key, each model was matched in key codes for the
> > entire model stock. I walked in for one set of matching locks (a little
> > three or four pack), and I walked out with multiple sets all matched
> > (will
> > I trust these locks, no). WE checked every lock in stock and they all had
> > the same issue.
> >
> > Example, every if buying Master Lock model "A", every model "A" would
> > have
> > the same key code.
> > If model "B," every model "B" has the same key code.
> >
> > This means that with every stock a store like Home Depot receives,
> > there is
> > only one key combination for each model of lock. If a store only
> > receives a
> > few shipments a month, then there are only a few possible keys. If that
> > store happens to be a large, if not only, source of locks in the area,
> > then
> > you have the probable key combination at each store
> >
> > attached is a photo I took showing a matched set I pulled off the
> > shelf to
> > buy when I found it.
> >
> > PS: This is not the special order contractor stuff that is designed to
> > have
> > the same key code, but individual packaged products on the shelf.
> >
> >
> > -Hon1nbo
> >
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> Hon1nbo,
>
> I worked at a Home Depot for 4 years, and I can confirm that this is
> standard practice, not only for Master locks, but also for the common
> household entry locks like Schlage and Kwikset, though in those cases
> the lot sizes are smaller (2 sets of 3 like-keyed boxes in a case of 6).
> This is for the convenience of the customer who wishes to have a set of
> like-keyed padlocks for their home and does not want to pay a locksmith
> to rekey them.
>
> Although all the locks you checked that day were identical, the chances
> of a burglar finding the customer who bought the same lock within a week
> or two (locks are fairly high-volume) are low compared with the relative
> ease of picking them, destructive entry, or just finding someone who
> didn't lock their stuff up.
>
> Dan

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/