This paper examines mechanical lock security from the perspective of computer science and cryptology. We focus on new and practical attacks for amplifying rights in mechanical pin tumbler locks. Given
access to a single master-keyed lock and its associated key, a procedure is given that allows discovery and
creation of a working master key for the system. No special skill or equipment, beyond a small number
of blank keys and a metal file, is required, and the attacker need engage in no suspicious behavior at the
lock’s location. Countermeasures are also described that may provide limited protection under certain
circumstances. We conclude with directions for research in this area and the suggestion that mechanical
locks are worthy objects for study and scrutiny.
