And now for something completely different, to use that Monty Python phrase. When we think of secure systems, we often also consider the physical security of the premises. In the cryptography context, we consider (cryptographic) keys as well, even though they are shaped in bits, not in physical objects. In this book review we will talk about lockpicking, as in the actual locks protecting doors and objects with the keys to match them, not merely the conceptual ones we discuss in cryptography or systems security, and cracking real-world safes that (supposedly) keep our valuables safe and secure. There are obvious parallels between these worlds.

Just thinking about this topic brings me back close to 25 years ago, to the summer of 2001 at Hackers At Large (HAL): a warm summer breeze at the University of Twente (UoT) in Enschede, in the eastern part of the Netherlands, a soft blanket on the UoT meadow where HAL took place, and a bunch of padlocks and lockpicks available for trying out at the Lockpicking Tent, or whatever it may have been called then. Deep concentration on the matter, a simple padlock, some tools, a good tutor, and after a while the lock opened: voilà! Convinced that I would like it, it led me to purchase that first set, which was (and still is) fun to experiment with.

Locks are for honest people, as they always say. Jos Weyers, Matt Burrough, Walter Belgers, BandEAtoZ, and Nigel K. Tolley (yes, there is a hacker handle in that author list somewhere) have written a book with close to 400 pages that dissects the subject of lockpicking (how to open locks without a key), impressioning (how to create key when you have lost the one meant for the lock you have), and safe cracking (umm, yeah, opening that safe). And the book was written with competitions in mind for all of these, hence the term sport in Locksport.

This approximately 400-page-long book is divided into five parts (I-V) and overall 17 chapters, with an additional introduction, two appendices, and an index. The five aforementioned parts cover The Basics (Part I), Pin Tumbler Lockpicking (Part II), Impressioning (Part III), Safe-Lock Manipulation (Part IV), and Lever Lockpicking (Part V). The book is competently illustrated with color photos, historical sketches, and other explanatory diagrams.

The introduction sets up the book for the reader: it is a book about lockpicking and safe cracking, but it is geared to those interested in the sport of lockpicking and safe cracking, in other words manipulating those devices to make them open up.

The first part on "The Basics" covers what the locksport competitions are all about, plus all the locks to consider. The reader is given an overview of the types of locks out there, how to disassemble them, understand them, and how to practice with them in preparation for a competition. A brief overview of the legality of lockpicking, or mere possession of lockpicks, is provided for some countries. The illustrations let the reader understand what the inner workings of a lock can look like.

The second part on "Pin Tumbler Lockpicking" focuses on one type of lock, the pin tumbler lock, one of the most common and cheapest locks needed for preparation for a competition, according to the authors. The reader learns about basic setups of the pins and tumbler, and also about advanced mechanisms for increasing the security of the locks, such as trap pins (they permanently disable a lock when lockpickers fall into the "trap" of picking that pin), or deceptive security pins (that make the lockpicker falsely believe that they have found the proper setting of the pins). Nicely illustrated with photos of locks, showing the tumbler and pins, plus the associated keys (either inserted or not), this part is great for those wanting to understand the basics of pin tumbler lockpicking and those who want to take the next step at understanding advanced, supposedly pick-safe, pin tumbler locks. Many tools for lockpicking are shown and discussed, from tension tools, simple picks, up to the allrounder rake, and even pick guns. One fine example from popular culture, not referenced in the book, would be the scene in "The Lives of Others" where the East German Stasi enters the dissident's home with a pick gun with the intent to install bugging devices. There is a list of competitions for pin tumbler lockpicking, for those interested in pursuing this beyond reading the book.

The third part focuses on "Impressioning," a skill that was once used by locksmiths more frequently, namely for creating a key from the impressions a lock leaves on a blank key. This means you would be creating a key for lock that you don't have a key for. This shows the reader where to find the hits for the cuts to make on the blank key, and starting filing away! The locksport competition has revived the interest in this area in recent years.

Manipulating a safe is something we often hear about from spy movies or television crime series. This part on "Safe-Lock Manipulation" delves deep into the art of getting clues about the lock settings of a safe, again for the purpose of a competition, the locksport competitions, that is. Listening devices, understanding the safe wheels, establishing safe-lock graphs, and the various grades (length of resistance to safe-cracking) are part of this process. Here we see much discussion of what you would find in the cryptography field, namely what it would take to brute-force (i.e. trying all combinations) the lock and what more common efforts would look like (not needing to try all combinations.) Of course we find a reference to Matt Blaze's 2004 paper on "Safecracking for the Computer Scientist."

In the last part on "Lever Lockpicking," we go back to earlier lock designs in human history, ones without pins but rather with "levers," metal panels that interact with a shaped key. This type of lock would be more common to find in Europe or India, for example, and perhaps often be associated with old-world (did someone say Switzerland?) safe deposit box keys. Again, detailed illustrations of these locks, with its parts explained, and step-by-step instructions for lockpicking, help with the understanding of the inner workings and for participating in lever-based locksport competitions.

The book wraps up with describing other types of locksport competitions, including those found at conferences such as DefCon, ShmooCon, or even BSides, and where to actually find equipment, whether picks, training locks, or more sophisticated picking equipment or materials. There is a brief listing of complementary and seminal books and resources, for those wanting to go back to more basic lockpicking outside of the competitive sport.

The authors, well versed and immersed in the field, did a fine job at drawing the reader into this fascinating world of lockpicking, especially by bringing the engaging competition aspect into it. I hope you will enjoy reading (absorbing?) this book as much as I did. My copy has already found its permanent space on my bookshelf. My picks are within reach at all times. And thanks for the latest sets I got last week, you know who you are!