Why don't more high-end locks use combinations?
#26
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
The Bowley padlock and the Forever V.2 bike U-lock are nigh unpickable. Angle grinder, under a minute.
It's well established that a powerful angle grinder fitted with a quality cutting wheel and with a freshly charged, high capacity battery will go through any bike lock known. (I was sorry the Skunklock Kickstarter fell through.) About all you can hope for is the thief's grinder is inexpensive, the cutting wheel worn and the battery weak, and perhaps running her battery down before she cuts all the way through both legs of your double bolting U-lock:
There's a school of thought that once you get to the quality/mass of lock that makes a thief resort to an angle grinder, any further upgrade is a bigger hit on your budget and more weight to tote while only costing the thief some few extra seconds. Adherents to this philosophy use Abus 420s or Kryptonite New U Evos and call it good.
It's well established that a powerful angle grinder fitted with a quality cutting wheel and with a freshly charged, high capacity battery will go through any bike lock known. (I was sorry the Skunklock Kickstarter fell through.) About all you can hope for is the thief's grinder is inexpensive, the cutting wheel worn and the battery weak, and perhaps running her battery down before she cuts all the way through both legs of your double bolting U-lock:
There's a school of thought that once you get to the quality/mass of lock that makes a thief resort to an angle grinder, any further upgrade is a bigger hit on your budget and more weight to tote while only costing the thief some few extra seconds. Adherents to this philosophy use Abus 420s or Kryptonite New U Evos and call it good.
Last edited by tcs; 04-07-19 at 07:22 PM.
#27
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
#28
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
Last edited by tcs; 04-08-19 at 09:50 AM.
#29
Me duelen las nalgas
Join Date: Aug 2015
Location: Texas
Posts: 13,513
Bikes: Centurion Ironman, Trek 5900, Univega Via Carisma, Globe Carmel
Mentioned: 199 Post(s)
Tagged: 0 Thread(s)
Quoted: 4560 Post(s)
Liked 2,802 Times
in
1,800 Posts
The Lock Picking Lawyer would probably be the first to admit that few thieves would bother with trying to pick a lock. His channel is mostly an exercise in technical expertise and not so much a commentary on the quality of locks.
The cordless angle grinder mostly makes moot all the concerns about bicycle lock picking. For the typical bike thief you could combine a shackle hard enough to defy most cutting tools with a luggage lock and get better results than a pick-resistant lock with a shackle that can't last 30 seconds with a cordless cutting tool.
I went with Kryptonite And On Guard U-locks that are small and light enough that I'll actually carry them, while being just long enough to actually reach a fixed bit of infrastructure. These won't deter anyone other than the casual grab and go opportunist thief, but that's good enough for my bikes, none of which cost much more than $200, while I'm inside QT getting coffee and a donut.
The cordless angle grinder mostly makes moot all the concerns about bicycle lock picking. For the typical bike thief you could combine a shackle hard enough to defy most cutting tools with a luggage lock and get better results than a pick-resistant lock with a shackle that can't last 30 seconds with a cordless cutting tool.
I went with Kryptonite And On Guard U-locks that are small and light enough that I'll actually carry them, while being just long enough to actually reach a fixed bit of infrastructure. These won't deter anyone other than the casual grab and go opportunist thief, but that's good enough for my bikes, none of which cost much more than $200, while I'm inside QT getting coffee and a donut.
#30
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
The problem with combo locks is the number of combinations. The number of possible combos is basically the counting numbers (including all zeroes) so a 3 digit lock has only 1000 combos and a 4 digit lock only has 10000. That may sound like a lot but I’ve opened many 3 digit combination locks (briefcases, 2nd hand buys, etc) just by starting at 000 and working my way up. It doesn’t take that long so I imagine even at 10 times as long the 4 digit combos would not be much security for a bike left for a long time.
PIN number analysis
#31
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
Back in the 1980s & 90s the lockpicking community would discover weaknesses and keep them secret. This had the disadvantage of allowing a large body of users to develop before the secret eventually broke (Kryptonite's cylinder lock vulnerability was known to a few experts as early as 1990, but the company was under no pressure to improve. When the Bic Pen hack became public knowledge in ~2004, a decade and a half of customers became at risk almost overnight.)
So then in the naughties the lock picking community adopted a guideline of discovering a weakness, reporting it to the lock company and giving them 6mo~1yr to address the issue. If the lock company did nothing, then was the time to go public with an announcement of the vulnerability (but not a how-to tutorial, you know, unless you were a registered attendee at a DEFCON convention) to prevent a large number of consumers from buying flawed locks.
But the LockPickingLawyer...sigh. His videos be like: "I just figured out how to defeat this lock! Here are the tools you'll need and where to get them! Here is the technique I used! Practice some and you can steal any bike quickly and quietly!"
While there is some valuble info presented, IMO the LPL is ultimately not on our side.
So then in the naughties the lock picking community adopted a guideline of discovering a weakness, reporting it to the lock company and giving them 6mo~1yr to address the issue. If the lock company did nothing, then was the time to go public with an announcement of the vulnerability (but not a how-to tutorial, you know, unless you were a registered attendee at a DEFCON convention) to prevent a large number of consumers from buying flawed locks.
But the LockPickingLawyer...sigh. His videos be like: "I just figured out how to defeat this lock! Here are the tools you'll need and where to get them! Here is the technique I used! Practice some and you can steal any bike quickly and quietly!"
While there is some valuble info presented, IMO the LPL is ultimately not on our side.
Last edited by tcs; 04-08-19 at 09:42 AM.
#32
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
Go down through a playlist of 'LPL picking bike locks' and notice...no videos of Abus U-locks. Hmm (raises an eyebrow.)
Remember how Sheldon suggested two different kinds of bike security devices? Well, if you're really, really worried about lock picking bike thefts (and I'm unconvinced at this point in history you should be), use two Abus U-locks with different types of cylinders. That way any journeyman picker will need complete sets of the correct two types of picking tools in her bag and practical, field implementable knowledge of two picking techniques. (As a bonus, a cutter will need an angle grinder, disc and battery that will make four (4!) cuts.)
Last edited by tcs; 04-08-19 at 12:41 PM.
#33
Senior Member
Join Date: Sep 2014
Posts: 3,893
Mentioned: 20 Post(s)
Tagged: 0 Thread(s)
Quoted: 1062 Post(s)
Liked 665 Times
in
421 Posts
Back in the 1980s & 90s the lockpicking community would discover weaknesses and keep them secret. This had the disadvantage of allowing a large body of users to develop before the secret eventually broke (Kryptonite's cylinder lock vulnerability was known to a few experts as early as 1990, but the company was under no pressure to improve. When the Bic Pen hack became public knowledge in ~2004, a decade and a half of customers became at risk almost overnight.)
So then in the naughties the lock picking community adopted a guideline of discovering a weakness, reporting it to the lock company and giving them 6mo~1yr to address the issue. If the lock company did nothing, then was the time to go public with an announcement of the vulnerability (but not a how-to tutorial, you know, unless you were a registered attendee at a DEFCON convention) to prevent a large number of consumers from buying flawed locks.
But the LockPickingLawyer...sigh. His videos be like: "I just figured out how to defeat this lock! Here are the tools you'll need and where to get them! Here is the technique I used! Practice some and you can steal any bike quickly and quietly!"
While there is some valuble info presented, IMO the LPL is ultimately not on our side.
So then in the naughties the lock picking community adopted a guideline of discovering a weakness, reporting it to the lock company and giving them 6mo~1yr to address the issue. If the lock company did nothing, then was the time to go public with an announcement of the vulnerability (but not a how-to tutorial, you know, unless you were a registered attendee at a DEFCON convention) to prevent a large number of consumers from buying flawed locks.
But the LockPickingLawyer...sigh. His videos be like: "I just figured out how to defeat this lock! Here are the tools you'll need and where to get them! Here is the technique I used! Practice some and you can steal any bike quickly and quietly!"
While there is some valuble info presented, IMO the LPL is ultimately not on our side.
#34
Senior Member
Thread Starter
I think I'm going to shoot for the Abus lock for mine; my wife wants the Faghetaboutit. Will see when the time comes - I mean realistically around my town a cable lock served me well for years but who knows what'll come in places I travel to. From what I can tell the whole angle grinder thing is more a risk if you park overnight and/or in an out-of-the-way spot (that the thief also finds). Inner Harbor of Baltimore in daylight hours, probably not realistic.
Also, food for thought - if I U-lock a bike (or double or whatever) to a standard issue bike stand, the real issue is how easily they can get through the stand, not the lock.
M.
Also, food for thought - if I U-lock a bike (or double or whatever) to a standard issue bike stand, the real issue is how easily they can get through the stand, not the lock.
M.
#35
Banned
I like the frame mounted Ring lock & integrated chain combination Axa, NL, & Abus, DE both offer..
I have the Axa 'defender' + a 1.4M long chain on this one..
Key stays with the bike , lock open when key is in it... once I lock it up then the key stays with Me..
as I go to the grocery store I have the key attached to the pannier,
I'm going to fill with food at the checkstand..
Hook bags back on the rack, unlock it attach, put key, in lock , to bike
Open again & ride home ..
...
I have the Axa 'defender' + a 1.4M long chain on this one..
Key stays with the bike , lock open when key is in it... once I lock it up then the key stays with Me..
as I go to the grocery store I have the key attached to the pannier,
I'm going to fill with food at the checkstand..
Hook bags back on the rack, unlock it attach, put key, in lock , to bike
Open again & ride home ..
...
Last edited by fietsbob; 04-09-19 at 01:00 PM.
#36
Senior Member
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 27,547
Mentioned: 217 Post(s)
Tagged: 0 Thread(s)
Quoted: 18378 Post(s)
Liked 4,512 Times
in
3,354 Posts
It looks like it is still up on Indiegogo
https://www.indiegogo.com/projects/s...k/x/20638628#/
And, unlike Kickstarter, you can sign up for rewards for an extended period of time.
However, the company isn't shipping yet, and updates are sparse.
https://www.indiegogo.com/projects/s...k/x/20638628#/
And, unlike Kickstarter, you can sign up for rewards for an extended period of time.
However, the company isn't shipping yet, and updates are sparse.
#37
Senior Member
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 27,547
Mentioned: 217 Post(s)
Tagged: 0 Thread(s)
Quoted: 18378 Post(s)
Liked 4,512 Times
in
3,354 Posts
Proper locking of the bike (single U-Lock) will grab the post or rack, and the bike frame, and immobilize a wheel, so at least the bike can't be ridden/wheeled away.
Augmenting it with cable, and you can lock 2 wheels.
#38
Senior Member
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 27,547
Mentioned: 217 Post(s)
Tagged: 0 Thread(s)
Quoted: 18378 Post(s)
Liked 4,512 Times
in
3,354 Posts
There is a youtube video about picking a 4 tumbler squire padlock. This one isn't mentioned though. 6 tumblers at gives quite a few combinations if one isn't picking the lock.
For the moment, I've been using a Kryptonite NY lock (or sometimes a cable lock). I keep the key in the bike bag, or can put it over the shackle of the lock if I want, although that limits how the lock and key can be safely carried. But, my key pocket in the bike bag always goes with me.
#39
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
I see youtube videos of lock pickers decoding, bypassing, picking and shimming inexpensive combination locks, and warnings to not count on combination locks for genuine security. I dunno, maybe that's good advice. But what I do not see is videos of lock pickers opening beefier, relatively more expensive combination locks from Abus and Squire, much less opening these locks in less time than they take to open quality keyed locks.
Last edited by tcs; 04-09-19 at 12:55 PM.
#40
Senior Member
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 27,547
Mentioned: 217 Post(s)
Tagged: 0 Thread(s)
Quoted: 18378 Post(s)
Liked 4,512 Times
in
3,354 Posts
1,000,000 combinations. Suggestion: don't set it to your MMDDYY (or DDMMYY) birthday!
I see youtube videos of lock pickers decoding, bypassing, picking and shimming inexpensive combination locks, and warnings to not count on combination locks for genuine security. I dunno, maybe that's good advice. But what I do not see is videos of lock pickers opening beefier, relatively more expensive combination locks from Abus and Squire, much less opening these locks in less time than they take to open quality keyed locks.
I see youtube videos of lock pickers decoding, bypassing, picking and shimming inexpensive combination locks, and warnings to not count on combination locks for genuine security. I dunno, maybe that's good advice. But what I do not see is videos of lock pickers opening beefier, relatively more expensive combination locks from Abus and Squire, much less opening these locks in less time than they take to open quality keyed locks.
The friction slipping to set the tumblers looks curious.
The bike locks appear to have the same exterior tumbler design, but it is unclear if they would be vulnerable to a similar attack.
Yes, 6 digits gives you 10^6 combinations, or 10x10x10x10x10x10 combinations.,
for DDMMYY, one gets 31 x 12 x 100 combinations, or 37,200 combinations.
A few more if one scrambles it a bit... YYMMDD, MMDDYY, etc.
Still, a birthday attack would be difficult without knowing the person's birthday within a few years at least. Then there is always the birthdays of all important relatives, dogs, children, etc, so guessing may still have to cover a lot of years.
Much easier if you actually know the birthdays, but for example, my "online birthday" isn't the same as my "real birthday".
#41
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
Yep. But that's hardly what I'd call a more expensive, beefier combination lock from Abus or Squire. Maybe the big boys are no more secure than that little four-wheel luggage lock...but interesting that all those youtube pickers vying for views by showcasing their skills don't seem to tackle them.
Quite right, that is if someone got the odd idea to enter a random and sometimes nonsensical date as their combination.
Just guessing here, but probably no danger from anyone online stealing your bike. Methinks a more likely candidate would be someone on the cleaning crew at work, emptying the trash after your coworkers brought you a cake, or noticing the birthday card at your workstation.
The 'PIN number analysis' I referenced above is enlightening, particularly as to how bad most folks are at setting security number codes.
for DDMMYY, one gets 31 x 12 x 100 combinations, or 37,200 combinations.
Much easier if you actually know the birthdays, but for example, my "online birthday" isn't the same as my "real birthday".
The 'PIN number analysis' I referenced above is enlightening, particularly as to how bad most folks are at setting security number codes.
Last edited by tcs; 04-09-19 at 09:54 PM.
#42
Cathedral City, CA
Join Date: Oct 2004
Location: Cathedral City, CA
Posts: 1,504
Bikes: 2016 RITCHEY BreakAway (full Chorus 11), 2005 Ritchey BreakAway (full Chorus 11, STOLEN), 2001 Gary Fisher Tassajara mountain bike (sold), 2004 Giant TRC 2 road bike (sold)
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 8 Post(s)
Likes: 0
Liked 2 Times
in
2 Posts
It's pretty crappy though to have a locked, but insecure bike walk off, though. I had my car broken into. The cop refused to do anything because it wasn't locked. So essentially the cop argued I left the contents available & free to anyone passing by on the street, therefore since I did not exert ownership the items weren't stolen...I think he just didn't want to do paperwork.
#43
Junior Member
Yes he was and so was the Judge. Theft is taking something that belongs to someone else. It isn’t fair game just because it isn’t locked. They were both ignorant of the actual law. But cops aren’t lawyers and Judges are elected/appointed with little regard qualifications.
He’s not entirely wrong. I retired a few years ago from Corning, Inc. They are perennially in the top handful of companies with the most intellectual property attacks. Some years before I joined the company, someone basically walked in during working hours, found the workspace of someone who was working on a sensitive project and stole documents (or took photos, can’t remember which). The person was eventually caught and the company prosecuted. However, the judge ruled against the company because there were hardly any measures to prevent unauthorized access. At that time, you just walked into the building. There were no key card entries. There were 3 ways into the building but only one had a security person.
He’s not entirely wrong. I retired a few years ago from Corning, Inc. They are perennially in the top handful of companies with the most intellectual property attacks. Some years before I joined the company, someone basically walked in during working hours, found the workspace of someone who was working on a sensitive project and stole documents (or took photos, can’t remember which). The person was eventually caught and the company prosecuted. However, the judge ruled against the company because there were hardly any measures to prevent unauthorized access. At that time, you just walked into the building. There were no key card entries. There were 3 ways into the building but only one had a security person.
#44
Cathedral City, CA
Join Date: Oct 2004
Location: Cathedral City, CA
Posts: 1,504
Bikes: 2016 RITCHEY BreakAway (full Chorus 11), 2005 Ritchey BreakAway (full Chorus 11, STOLEN), 2001 Gary Fisher Tassajara mountain bike (sold), 2004 Giant TRC 2 road bike (sold)
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 8 Post(s)
Likes: 0
Liked 2 Times
in
2 Posts
Yes, taking something IS taking something. However, value is determined and demonstrated by what steps are taken to protect an item.
#45
Junior Member
#47
Happy banana slug
Join Date: Sep 2015
Location: Arcata, California, U.S., North America, Earth, Saggitarius Arm, Milky Way
Posts: 3,696
Bikes: 1984 Araya MB 261, 1992 Specialized Rockhopper Sport, 1993 Hard Rock Ultra, 1994 Trek Multitrack 750, 1995 Trek Singletrack 930
Mentioned: 31 Post(s)
Tagged: 0 Thread(s)
Quoted: 1533 Post(s)
Liked 1,530 Times
in
917 Posts
The problem with combo locks is the number of combinations. The number of possible combos is basically the counting numbers (including all zeroes) so a 3 digit lock has only 1000 combos and a 4 digit lock only has 10000. That may sound like a lot but I’ve opened many 3 digit combination locks (brief cases, 2nd hand buys etc) just by just by starting at 000 and working my way up. It doesn’t take that long so I imagine even at 10 times as long the 4 digit combos would not be much security for a bike left for a long time.
#48
Happy banana slug
Join Date: Sep 2015
Location: Arcata, California, U.S., North America, Earth, Saggitarius Arm, Milky Way
Posts: 3,696
Bikes: 1984 Araya MB 261, 1992 Specialized Rockhopper Sport, 1993 Hard Rock Ultra, 1994 Trek Multitrack 750, 1995 Trek Singletrack 930
Mentioned: 31 Post(s)
Tagged: 0 Thread(s)
Quoted: 1533 Post(s)
Liked 1,530 Times
in
917 Posts
I carry a 3 lb. Kryptonite chain lock, on the theory that I don't have to have the strongest lock out there, just stronger than the bikes next to me.
Bike theft is a cottage industry around here. A couple of weeks ago I was taking a walk and investigated the new apartment complex in town; 99% of the tenants are university students. The owner offers an elementary school type rack, or some hooks to hang it. On the day I was there, there were three or four cut cable locks and a front wheel secured with a U-lock.
Bike theft is a cottage industry around here. A couple of weeks ago I was taking a walk and investigated the new apartment complex in town; 99% of the tenants are university students. The owner offers an elementary school type rack, or some hooks to hang it. On the day I was there, there were three or four cut cable locks and a front wheel secured with a U-lock.
#49
Palmer
Join Date: Mar 2007
Location: Parts Unknown
Posts: 8,627
Bikes: Mike Melton custom, Alex Moulton AM, Dahon Curl
Mentioned: 37 Post(s)
Tagged: 0 Thread(s)
Quoted: 1671 Post(s)
Liked 1,825 Times
in
1,062 Posts
#50
Happy banana slug
Join Date: Sep 2015
Location: Arcata, California, U.S., North America, Earth, Saggitarius Arm, Milky Way
Posts: 3,696
Bikes: 1984 Araya MB 261, 1992 Specialized Rockhopper Sport, 1993 Hard Rock Ultra, 1994 Trek Multitrack 750, 1995 Trek Singletrack 930
Mentioned: 31 Post(s)
Tagged: 0 Thread(s)
Quoted: 1533 Post(s)
Liked 1,530 Times
in
917 Posts
I was thinking more of secure bike lockers. College students are poor here, as housing is $$$ and beater bikes tend toward chewed up Huffy mtb. Humboldt State University attracts serious bike thieves, and the rest of town has tweakers, so any bike left out is at risk.