I bought this lock https://cgi.ebay.com/ebaymotors/ws/eB...K%3AMEWNX%3AIT

Then I found out that some of the old locks with the cylindrical keys can be opened with a bic pen... My U-lock uses a cylindrical key. And even if it can't be opened with a bic pen, I think someone can just use the keys from another U-lock and open my lock.

So how do I know if my u-lock is safe?

no lock is 100% safe, but that lock sounds and looks like garbage.

Look for the serial number and email the manufacturer

oh yea, that thing is a piece of junk

I tried the pen trick just now, and I did it.

returning this thing for sure.

Lock your bike. Leave. Return. Is your bike there? Then your lock MIGHT be safe. Repeat for more data points.

Really, after the videos out about picking the cylindrical locks, I wouldn't trust any of them. It is telling that most of the major mfgs switched from barrel to other odd key shapes.

so are combination locks still the way to go? They're way cheaper and they seem durable enough

https://www.amazon.com/Kryptonite-Sta...ies/B000BS0D4Y

Or do you need a gigantic one like you got? If so, I'd get a Krypto chain.

https://www.amazon.com/Kryptonite-Bic.../dp/B001KQ5ZRG

As far as the other keys opening it, that's tough to do with better cyclindrical locks because each groove is cut to a certain depth. I've had a cheap lock that only had 4 cuts and 2 different depths so that's only what 4^2 possibilities? 16 different keys. Old Krypto locks had more different keys than that.

I never could get the pen thing to work, but I only tried for a couple of minutes.

Large U-Locks are bad news bears. Thieves will slide in a jack and pry it open. As seen here. And don't let this amateur fool you. They'll be using more portable bottle jacks (like the kind made for Pickup trucks) and not that hulking floor jack, and they'll do it way faster than his two minutes.

You want as small a U-Lock as you can get (assuming that the metal is still adequately thick and strong). Getting rid of the QR axles and putting in the old fashion solid ones or locking QR's helps lessen what you need to lock. My favorite trick for my seat it to replace the QR or nut with a torx, or at least a hex socket. You really only need to have one axle non-QR, the other can be locked with the frame.

Finally, since no system is theft proof, the best solution is to park it near other bikes. It sounds harsh, but you only need to be faster than the slowest antelope. A friend had hear bike stolen and it was clear that the thieve took his bolt cutters to 2 or 3 other chains or locks before he found one that went immediately.

wow, you paid $13.50 for a bike lock SHIPPED. You know it's gonna cost you almost that much to send it back to them right? btw you can't return it, you can only exchange it. Chalk it up as your loss and don't be so nieve.

I agre it looks crappy. for my money Kryptonite is the only way to go. a bad feature if your bike is that long end of the cross bar sticking out on one end. with a pipe you can easily bend that lock.

i personally recommend on guard locks if you're on a budget. walmart sells a u lock with cable set for around 15.

Kryptonite had a redesign of the lock mech , in recent years .
round key's tube, were found to be the same as the cap of Bic pens.
pick up a pen cap and try it.. Get a learning experience out of it, at least.

FWIW, here's my 1st generation Kryptonite lock purchased new over 30 years ago:



It has a cylindrical lock, but a plastic pen is too small to fit. The lock itself is hardened steel strap, and the clasp is held in place by hooks, rather than a simple pin. I suspect this would make it less vulnerable to the "jack attack."

Wow, serious old school Krypto.

The silver piece totally reminded me of these aftermarket doodads that looked like the silver piece but had the cylindrical sleeve on either end and was made to eliminate free space when using a U-Lock. They were fairly common in the early 90s and called Bone something Dog Bone, I dunno.

You'd basically lock your bike to a rack or parking meter but before putting the bar on the U, you'd slide a couple of these "bones" on to keep everything snug and leave no room for jack insertion.

Kryptonite abandoned cylindrical key locks all together and now use a flat key lock that is harder to pick. The whole BIC pen cap thing took everyone, including the lock manufacturers by surprise as Cylindrical locks were considered higher security back then. But I suspect that if you just give it some time, the scummy theives will always find new ways to pick the newest lock designs too. It's just a technology war that keeps going on and on between the lock makers and the bad guys. Unfortunately, the bad guys keep figuring out simple "McGuyver" types of solutions that gets overlooked by so called lock "engineers". The BIC pen cap was an inexcusable mess up by the lock makers IMO. At least, Kryptonite offered a nationwide lock exchange program. They replaced two locks for my motorcycle (A brake disc lock and a large "New YorK' U lock) with the program without any cost to me, but I don't think the other manufacturers were as nice about it.

Chombi

I contacted them, and they were very nice and told me that they would refund my money back AND I don't have to ship the lock back to them.

I wonder how it took them by surprise. I mean, if it's that easy to pick the lock then the mechanism must be extremely simple and it's ineffectuality obvious.

It took them by surprise because a lot of engineers/designers tend to overlook the obvious and simple and like to deal with the most complicated aspects and assumptions they can come up instead with their designs. To be fair, who would really think that a plastic cap could open up the cyclindrical locks? Most people would test locks with picks and the other usual tools of the crooks which I guess, mostly did not work on the cylindrical locks.
On the other hand, the first guy who picked the cylindrical locks successfully with a BIC cap might have just stumbled into it when he/she was fumbling/fidgeting around with a lock and a pen cap.....then suddenly, to his/her surprise,.........the lock opened.....

Chombi

This is an easy question for hackers to answer.

Imagine you're sitting in a room with a lot of well-seasoned (say in their 30s, 8-ish years of experience), degree-carrying, highly-trained computer security experts. They know what they're doing. They hammer you with best practices. They complain about compliance. They write security policies for tons and tons of systems. They give you Acceptable Use Policies and Patch Management Policies.

A new worm comes out.

They all panic.

Reports on the worm are found, examined. Services that it crashes to get in are blocked. IDS signatures go in. AV signature gets updated.

Now, you look at the worm, you go, "Watch this..."

Pull open a terminal, run a few commands. Echo some escape sequence, $(perl -e puts "A" x 1000), payload... you get a shell. Add a local admin account, exit the shell and crash a critical service on the remote end, and the system reboots. Now RDP in with that new account, and have shiny admin access.

Watch all your security guys turn white.

They really have absolutely no clue what they're doing. Security people study security. They study how to make things secure. The problem is they don't understand how to break things; they know that X is a security best practice and Y is a problem you look for, end of story.

Lock manufacturers knew locks could be picked, end of story. They found a different style of lock, something that doesn't have the same vulnerabilities. That's what's obvious: it's different, and doesn't have these vulnerabilities.

Locksmiths and lock hackers, on the other hand, are different. People like me don't play by the rules; we look for things that are stupid, irrelevant, or forbidden. Did you know pin tumbler locks use a number of 2 piece shafts cut from brass to block the rotation of the lock?



When you put in the key, the shafts raise; raise each shaft to the right height and the border between the rotating barrel and its housing lines up with the split in the pin, rather than blocking against one of the two pieces.



Well, these pins are cut from a rod of brass; the cut ends of the pins are not polished; and unpolished things have a lot of drag. Torque the barrel, raise the pins, then let them slip just enough... the lower pin drops out, the upper pin stays caught along the housing, and the barrel rotates.

This attack isn't part of the design. Nobody designed these locks to operate properly with the barrel torqued against the pins and the pins torqued against the housing. Never mind some freakish act where you nudge the pins around, then allow them to slip down, but with some unspecified, unmeasured, unpredicted, and inconsistent amount of torque that's enough to trap the jagged edge of the upper pin, but not hold it in place just by friction with the pin body. That's all black magic.

I don't play by the rules; my first thought when I see something is "how do I break it?" Why should I believe anyone else does? You don't make anything secure by designing it to be secure; you make it secure by designing out any and all unpredicted modes of operation.

That's a good answer if ever I saw one.