Have you ever been curious about how keys work? I teach a computer security course in which we cover how locks work and how they may be cracked or circumvented. We do so because locks teach key security principles in general. If you look attentively at the upper edge of a key, you’ll notice a series of V-shaped valleys. If you look at the key closely enough, possibly with a ruler, you’ll discover that the valleys’ bottoms are evenly separated. Each valley contributes one value to the combination, and the depth of the valleys encodes a sequence that the lock accepts.
A cylinder is the portion of the lock that moves when you insert your key and turn it. Only if all of the valleys on the key are the appropriate depth for your lock will it spin. But how does your lock know if the valleys on your key are in the appropriate order? There are vertical shafts inside the lock, one for each valley of the key. A pair of metal pins may freely glide up and down in each shaft. The pins can obstruct the cylinder from spinning and prevent the lock from opening, depending on where they are. This happens when a pin sits partly inside and partly outside the cylinder.
The pins fall into the valleys when you insert a key into the lock. If a valley is too shallow, a pin will protrude and jam the cylinder. If a valley is too deep, the pin sinks too far, and the pin above it sinks into the cylinder, jamming it. None of the pins get in the way if the proper key is inserted with the valleys at precisely the right depths. To make a key, a blank key is fed into a grinding machine that is configured to carve out the exact valleys that are required. A locksmith can also replace a lock’s pins with new ones that correspond to a certain key.
In computer security, we say that security is based on “something you know, something you have, or something you are.” A password is an example of something you know. A key is an example of something you have. A fingerprint is a good illustration of something you are. However, as you can see, a key is quite similar to a password, with the exception that it is encoded by grinding a piece of metal.
As a result, you should never upload a photo of your home key to the internet. Someone may use the photo to replicate the key, just as they could misuse a picture of a credit card or a password. It is also possible to unlock or “pick” locks without a key. Locks may be unlocked by inserting a small piece of metal into the cylinder and carefully pressing the pins to the right height one by one. This, however, takes a considerable degree of skill and practice.
What can we learn about security from this? To begin, keys must stay secret, which requires a vast number of potential keys so that the correct one is difficult to guess or construct. Passwords are the same way. Second, it’s critical to design a lock or computer program that demands that each and every piece of the key or password be perfect. Finally, it’s critical to learn about the inner workings of locks and computer programs in order to comprehend how their design might allow them to be broken.
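To put numbers on these lessons, here is a small Python model of the lock described above; it is an added illustration, not part of the original article. The six cut depths, the five shafts and the pin lengths are made-up values, and the comparison goes slightly beyond the text: it counts the tries a guesser needs when the lock only answers "turns or not" versus when each shaft can be checked on its own.

```python
from itertools import product

DEPTHS = 6  # assumed: distinct cut depths per valley (0 = uncut)

class PinTumblerLock:
    """Toy model: a lower pin of length n is matched by a valley of depth n."""

    def __init__(self, key_pins):
        self.key_pins = list(key_pins)

    def shaft_states(self, key):
        """Report, shaft by shaft, whether the cylinder is blocked and why."""
        if len(key) != len(self.key_pins):
            raise ValueError("key has the wrong number of valleys")
        states = []
        for depth, pin in zip(key, self.key_pins):
            if depth < pin:    # valley too shallow: lower pin sticks out of the cylinder
                states.append("lower pin protrudes")
            elif depth > pin:  # valley too deep: upper pin sinks into the cylinder
                states.append("upper pin sinks in")
            else:
                states.append("clear")
        return states

    def turns(self, key):
        """The cylinder spins only if every single shaft is clear."""
        return all(s == "clear" for s in self.shaft_states(key))

def keyspace(pins, depths=DEPTHS):
    """Number of distinct keys that can be cut."""
    return depths ** pins

def tries_whole_key(lock, depths=DEPTHS):
    """Tries needed when the only answer is 'turns' or 'does not turn'."""
    for n, key in enumerate(product(range(depths), repeat=len(lock.key_pins)), 1):
        if lock.turns(key):
            return n

def tries_one_shaft_at_a_time(lock, depths=DEPTHS):
    """Tries needed when each shaft reveals on its own whether it is right."""
    key, tries = [0] * len(lock.key_pins), 0
    for i in range(len(key)):
        for d in range(depths):
            key[i], tries = d, tries + 1
            if lock.shaft_states(key)[i] == "clear":
                break
    return tries

SAMPLE_LOCK = PinTumblerLock([3, 5, 1, 4, 2])  # constructed example lock

if __name__ == "__main__":
    print(keyspace(5), tries_whole_key(SAMPLE_LOCK), tries_one_shaft_at_a_time(SAMPLE_LOCK))
```

The same holds for a password check: it should give one all-or-nothing answer, because any hint about which piece is wrong shrinks the search from thousands of tries to a handful.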