by chris_overseas 3937 days ago
The only surprising thing here is that the master keys didn't leak sooner. This is a close physical analogue to why it's a very bad idea to mandate backdoors in encryption software. Hopefully the UK[1] and other governments will learn something from this, though I won't hold my breath.

[1] https://www.techdirt.com/articles/20150702/00134231524/david...


Even more surprising is that you'd need some leak to pick this tiny lock. What protection mechanisms does it have that you can't reverse engineer within a day or so?

Probably Wired is more inclined to create some FUD around the fact that now this is freely accessible 'for anyone with 3D printer'.

For most TSA approved locks (the 3-digit combination locks) you can pick the rotating wheels to deduce the combo much more reliably than picking the keyhole, and you leave no trace.

I guess what I'm saying is that most TSA approved locks were already quite vulnerable to anybody who really wanted to pick them with or without a 3D printer.

Well, AFAIK each lock is unique, and while it's easy to pick each individual lock, it's harder to guess or derive from a few of those locks the master key that'll actually open them all.
That's generally not true. For example, you could buy a few copies of the same lock and take them apart. Unless there's something Really Funky going on, you can use the master oracle method as well: start with your working key and change one pin at a time to derive the master key, as most locks with a master can be opened with all the pins set to the normal key and any one pin set to the master keying.

I'd say what this "leak" really did was (a) show the world that real security is hard to think about, and (b) make it easier for normal folks who don't know about how locks work to impress their friends with their ninja secret agent tools.

Really, this is all just a parable for the big fight over encryption. Do you really want to trust a government agency with any kind of control over how we lock down our stuff? Newp, nope, and noooope.
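The master oracle method mentioned in the comment above, worked through as a simulation. This is an added example, not code from any commenter or from the article; the lock model is a deliberate simplification (one master wafer per chamber, no tolerances, no maximum-adjacent-cut limits, single-level master system) and the bittings are constructed for the demo, not real key codes. The point it makes concrete is that every lock in a master-keyed system carries the system secret, so an attacker holding one lock and its own legitimate key recovers the master with a handful of probe keys instead of searching the whole keyspace.

```python
"""Simulation of the master-oracle attack on a master-keyed pin-tumbler lock.

Simplified model (an assumption of this example, not a description of any
real product): the lock has POSITIONS pin chambers and DEPTHS possible cut
depths. Master keying adds a wafer to each chamber, so the chamber reaches
the shear line at two depths: the change-key depth and the master depth.
The lock opens when every chamber sits at one of its two valid depths.
Tolerances, MACS (maximum adjacent cut) limits and multi-level master
systems are ignored.
"""
from dataclasses import dataclass
from typing import Sequence, Tuple

POSITIONS = 5
DEPTHS = 7  # cut depths 0..6

Bitting = Tuple[int, ...]


@dataclass(frozen=True)
class MasterKeyedLock:
    """One lock from a master-keyed system. Only the factory knows `master`."""
    change: Bitting  # the key issued to the owner of this lock
    master: Bitting  # the system-wide master bitting

    def opens(self, key: Sequence[int]) -> bool:
        """The only interface the attacker has: does this key turn the cylinder?"""
        if len(key) != len(self.change):
            return False
        return all(k == c or k == m
                   for k, c, m in zip(key, self.change, self.master))


def derive_master(lock: MasterKeyedLock, change_key: Bitting,
                  depths: int = DEPTHS) -> Tuple[Bitting, int]:
    """Recover the master bitting from one lock and its legitimate change key.

    For each position, keep every other position at the change-key depth and
    try each alternative depth in the probed position. Because the other
    chambers are already at the shear line, the probe opens the lock exactly
    when the probed depth matches the master wafer in that chamber. If no
    alternative depth opens the lock, the master and change key share that cut.
    Returns the recovered master bitting and the number of probe keys cut.
    """
    master = list(change_key)
    probes = 0
    for pos in range(len(change_key)):
        for depth in range(depths):
            if depth == change_key[pos]:
                continue  # that depth is already known to work; skip it
            probe = list(change_key)
            probe[pos] = depth
            probes += 1
            if lock.opens(probe):
                master[pos] = depth
                break
    return tuple(master), probes


def brute_force_keyspace(depths: int = DEPTHS, positions: int = POSITIONS) -> int:
    """Number of distinct keys an attacker without the oracle trick would face."""
    return depths ** positions


def oracle_worst_case(depths: int = DEPTHS, positions: int = POSITIONS) -> int:
    """Upper bound on probe keys for the position-by-position attack."""
    return (depths - 1) * positions


if __name__ == "__main__":
    # Constructed bittings for the demo; not real key codes.
    system_master = (4, 5, 0, 6, 1)
    my_lock = MasterKeyedLock(change=(2, 5, 1, 6, 3), master=system_master)
    neighbour = MasterKeyedLock(change=(6, 0, 3, 1, 5), master=system_master)

    recovered, cut = derive_master(my_lock, my_lock.change)
    print(f"recovered master {recovered} after cutting {cut} probe keys "
          f"(worst case {oracle_worst_case()}, brute force {brute_force_keyspace()})")
    print("opens a lock I was never issued a key for:", neighbour.opens(recovered))
```

With seven depths and five positions the attacker cuts at most 30 probe keys against a nominal keyspace of 16807, and the recovered bitting opens every other lock in the system. The same shape applies to the encryption debate the thread is about: a master secret that has to be present in every deployed device is only as secret as the least careful device holder.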

The real problem with these locks isn't the key, to be honest. The vast majority of TSA approved locks use a three digit combo, and I've yet to find a three digit combo lock that doesn't have a glaring weakness that lets you deduce the correct combo with a sheet of printer paper and sensitive fingers.

There's a small number of TSA approved locks that don't use the three digit combo. Those are a bit tougher to crack.

> governments will learn something from this

I fear some governments may seriously have the idea of restricting 3D printers.

Oh, come on. You don't need a 3D printer for this. All you need is a piece of sheet metal and a CNC milling machine (or heck, even a manual milling machine and some skill at using it), that every moderately equipped machine shop has on hand.

You can't prevent people from having tools that can be used to manufacture things, and no one is seriously going to try.

Goodness, you don't need a milling machine; you can probably do this work with a Dremel, or for that matter a file... You know, like locksmiths made keys decades ago.
Picking a luggage lock is kind of trivial once you have enough practice.
Of course you don't. But when you have a government full of control freaks, would it matter to them?

The world's full of regulations that don't work. Not an issue for the politicians who usually aren't even affected by their own mandated rules.

Actually, a 3D printer is a tool that's currently cheaper and more widely available than milling machines - the whole point of this is "hey, of course anyone with access to a CNC or the skill to operate a manual milling machine could do it, but that's only a small niche; now every idiot with access to a 3D printer can do it".

People and shops that are below the range of a moderately equipped machine shop can do 3D printing; a 3D printer that can make such a key from hard plastic costs less than a cheap manual milling machine that can make a similar key from metal, and requires less skill to operate.

That would restrict it to locksmiths, basically (professional or hobbyist), as opposed to anyone who can find out how to run a 3D printer. Being a locksmith isn't scalable; using a 3D printer is.
The locks have been described as "faster to pick than to use the key". https://twitter.com/mattblaze/status/641330920251891712 But the story is a good illustration of how we can't keep backdoors safe.
No, if you can make a 3D printed model of it, you can CNC mill it. Sure, a CNC milling machine is a bit more expensive than the cheapest 3D printers, but anyone who wants can find a machine shop nearby that will mill something for them, or just send it off to some place online like eMachineShop to get it done.
And actually, it's not even that much more expensive. You can get a CNC Sherline mill for something like $1500. Sure, the work area is small and they're mainly aimed at e.g. model builders, but it's big enough for something like this, and they're real honest-to-goodness CNC precision machining centers.
Or a blank and a file. These are not big keys.
I fully expect we'll see some attempt at regulation at some point because the answer to "you wouldn't download a car, would you?" is actually an emphatic yes. That is to say, when the ability to turn information into product becomes easy and decentralized it will absolutely threaten any illusion governments have of control through standardization. Regulations are the clear path, for better or worse...
Why do you think they didn't leak sooner? It's trivial to reverse-engineer the master keys with a few example locks. Also, whenever I see an article about black-market tor sites that lists examples of available contraband, "sets of TSA / (city) master keys" are frequent fliers.