Imagine being able to get together with a few of your co-workers, look at your office keys and derive a building master key. Or you may not have any working key at all: you could impression the lock, or use one of the many ways we’ll present in this talk to put together little bits of information from a lock to create a working key. We apply information theory - the concept behind the “entropy” of a password - in an easy to understand way to show how every little bit of information about a system can be used to defeat it. The audience will be able to pull any key out of their pocket and understand how it works and how an attacker can create it covertly, and open whatever lock it is for, or even a lock it isn’t for, that shares the same system. We’ll explain how to produce either a single final key, or a set small enough to economically brute force - and release a software tool to let anyone quickly try out all possibilities in an easy-to-visualize way. Finally, we will discuss possible solutions to these problems and introduce vulnerabilities our research has uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock - including releasing a set of only 159 possible top level master key codes for certain large Medeco mastered systems.