From Ars Technica:
Let’s pop this lock! Nate Anderson
Yesterday, our own Dan Goodin covered a clever new hack that uses a bit of calculation to reduce a well-known Master Lock exploit from 100 maximum attempts to just eight. Today, we put the hack to the test. Is cracking a Master Lock as simple as hacker Samy Kamkar makes it look if you have absolutely zero experience?
I bought a new Master Lock from a local drugstore last night and sat down with it this morning to see if I could pop it open without looking at the combination first. Using Samy’s instructional video and a basic Web tool he designed, I timed my attempt at opening the lock.
The first few minutes seemed promising. I watched the video and began to replicate its instructions on the lock in my hands, but two of the steps proved trickier than they looked. The first and second “locked positions” were simple to find, but the third number I needed was a “resistant location” that was far more subtle. While I was supposed to note the one place where the lock caught each time as I spun the dial, it seemed to catch in multiple places even as I varied the pressure on the shackle. I took a guess and used the Web tool, which generated 16 possible lock combinations.
I tried to rule out half of these in the way shown on the video—testing which “third number” in the combination had more “give”—but this again seemed hard to measure. They felt almost identical. I took my best shot and then tried the remaining eight combinations.
I watched the video again, refined my technique, and took another whack at the whole thing. This time I felt more confident about the “resistant location,” but I…