Tag Archives: encryption

The picking of Bramah’s lock

The Bramah un-pickable lock, patented in 1787, sits behind the glass of the Science Museum as it used to in Joseph Bramah’s shop window at 124 Piccadilly. The lock is large and of heavy construction, emphasising its strength and security for use in banks and businesses. A wooden sign makes the shape of an even bigger lock the size of the shop window, and defiantly states:

The Artist who can make an Instrument that will pick or Open this Lock shall Receive 200 Guineas The Moment it is produced.

I am interested in the history of locks because of the part locking plays in maintaining pseudonyms. We can think of the encryption in digital pseudonymity systems as a lock on the booth of a marionette show in the street. The lock keeps people from opening the booth and discovering the puppeteer inside. The question is, can these locks be trusted to keep a pseudonym safe? Safe enough to criticise an oppressive government for example?

Image from Jeffrey Kastner article in Cabinet
Image from Jeffrey Kastner article in Cabinet

Bramah’s lock could not resist the art of lock-picking it had set out to defeat. It was picked by Alfred Charles Hobbs at the time of the 1851 Great Exhibition. Hobbs had travelled from America to promote a new lock. His method of gaining attention was to defeat the established British lock makers of the time. On his arrival at Crystal Palace he had picked a famous Chubb Detector lock in only a few minutes in front of a gathered audience, before moving on to Bramah’s challenge lock. The shock picking of two of the greatest lock makers of the day was not a unique occurrence. Looking back through lock history, we see a familiar pattern of lock makers defeating their rivals to showcase a new lock innovation again and again. Indeed the lock Hobbs had come to promote was picked by an upcoming American lock maker Linus Yale just a few years later.

How were these people picking un-pickable locks? The problem lies in not being able to design for every possibility, and in having to expose the lock to examination by anyone. The turning part of a lock might be used against it, to prop up pins lifted individually instead of with a key. Or a soft material might be pressed against the pins, leaving an impression of the key that was needed. Or a simple key shape might be ‘bumped’ in to the lock in one quick movement, bouncing all the pins up out of the way in one go. If the lock itself was made inaccessible through the use of a combination dial, a thin ‘shim’ of metal might be slid down the edge of a bolt to unlatch the lock. Or, the audible click of an internal part falling in to place might give the code away.

The history of lock picking provides an analogy of the weaknesses in modern digital encryption required for strong pseudonymity. Digital tools also bring an extra set of challenges to locks in the form of abundant computation and processing. Computers let us sense in greater detail and work at much higher speeds than ever imagined. In Bramah’s day a key was secure hanging on a wall at the back of the shop because no one could get close enough to study it in detail. A technology demonstration recently showed how a key could be photographed with a telephoto lens, traced and corrected digitally, and 3D printed in a matter of minutes. Similarly, combination locks were always assumed secure because of the immense length of time it would take to try every combination, but a recent MIT student project showed that a simple robot arm could be programmed to rapidly try every combination to ‘brute force’ the solution to the lock over a weekend.

top_pic  safeopen_small

I am inclined, in light of this history, to suggest that the locks needed to maintain a pseudonym over any reasonable length of time should be assumed to be weak and breakable. Which would suggest that we need to design pseudonym systems so that their lack of anonymity is understood. The puppeteer is not as hidden as assumed behind the curtain.

This text was read over a looped video of lock picking found on youtube.