Previous Entry Share Next Entry
Lockpicking
Face
mudcub
I work for the government in a secure facility. So, I have to walk past a set of security guards each morning, my belongings are searched, then through a set of locked doors with my keycard and password, then through the building and into *another* set of locked doors into a special "super secret" work area arrive at my desk. Leaving the office (or even to use the bathroom), requires this same process in reverse.

I have over 10 computer passwords I have to memorize (and not write down). I have to unlock file cabinets and safes and these weird electronic locks where the numbers move at random so anybody looking over your shoulder can't see what buttons you are pressing. Anyway, we also have locks like these:



This isn't the real lock... this is a lock I use on my bag for the gym. And that's not my real combination (though maybe it should be!) Of course I can't bring a cell phone or camera or iPod into the office to take a photo of the real lock. The real office locks have numbers on them, not letters like the one above. The numbers go 1, 2, 3... and so on. The number 1 is directly opposite the 6, and the 2 opposite the 7.

Every day before I leave work, I flip the combination with my thumb. Sometimes I turn all the numbers up, and sometimes down at random. However, I was thinking about ways to subvert this style of lock. If I was a terrorist (which BTW I am not), I think there are strategies that make these locks unsafe:

1. Brute force. As you can tell, there are only 10,000 possible combinations. And it would be easy to try combinations by sliding each ring slowly and gently pulling. Plus, there seems to be a lot of "give", and you can still be a number off and the lock will still open. That reduces the possible number of combinations from 10*10*10*10 to 8*8*8*8 = 4096... less than half. Over a period of weeks, brute force could work.

2. If I assume that I always shift each ring, and the shift is random up or down, I bet that the original  number is never chosen. To do that, I would have to rotate a ring one complete revolution, and that would never happen. Let's say the original number is 5. I bet I would get a lot of 1/2/3 or 7/8/9 combinations. But rarely 0 and *never* 5. Then,track the mixed-up numbers over a period of weeks and try out the probable answers.

3. Or contrarily, if I assume that I sometimes forget to shift a ring, I can keep a list of the mixed up numbers at the end of the day. The numbers that show up a lot are probably the "unshifted" rings and are part of the solution.

4. A trickier method is to use statistics. For example, if the first digit is 5, I bet that I often move it up or down 3 places, give or take 1. Even if I don't assume motion or non-motion (as I did in #2 or #3 above), I bet the mixed-up numbers form a gaussian (aka "bell curve") around the solution. Or maybe the union of two gaussian curves, each offset slighty and centered around the answer. Statistics could find a sorted list of probable solutions. Maybe I'll dig out my college stats book and work on this approach.

5. Conjoined answers. My thumb often turns more than one wheel at one time. I could treat the mixed-up numbers as dependent and not independent variables. That might help use a solution for one wheel to find the solution of its neighbor.

As you can see, this type of lock is not very secure. It's a good thing it isn't locking up anything really important at my office. I'm always tempted to bring security concerns like this to my company. But I learned the hard way, that they aren't interested in making the office more secure than they are at laying blame.

Three years ago, I sent a memo that there was a disposal bin at the end of a dark hall full of top secret documents waiting to be burned and destroyed. There was construction going on, and this once visible container was now hidden behind some plywood barriers. I told the security office that anyone could stand for hours sorting through the trash and not be seen. A ruler or pencil could fish documents out of the top slot, to be snuck out of the building later. Because of the nature of the burn bin, it was full of the juiciest top secret documents - there was more sensitive stuff in there than there would be locked inside my desk. Instead of being rewarded for my diligence, I was subjected to a two hour interrogation about why I was curious about the burn bins. I have since learned to drop any plans or thoughts I have on security issues at work. Ah, life as a government contractor.

I propose to chain up  eric_mathgeekwith several of these types of locks and see if he can use mathematics to free himself. I will be submitting my grant proposal for this work within the week, and expect to get funding by July. I call the field "Applied S&M"... statistics and mathematics.

  • 1
The answer is, probably not (honestly, I couldn't follow your numbers 2-5, I think I'm not getting some initial assumptions about the set up...).

And besides, why would I?

Well then, you'd be locked up for a very very long time! {grin}

Each wheel looks something like this:

0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9

So, a set of four wheels might be:

5 - 6 - 7 - 8 - 9 - 0 - 1 - 2 - 3 - 4
1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 0
2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 0 - 1
8 - 9 - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7
^
|

With the arrow above pointing to the solution 5128.

When I scramble to top wheel to point to something besides 5, I find that I only slide it up a few numbers (to 7 or 8) or down (to 2 or 3). I was trying to generalize a strategy based on assumptions about how good I am at mixing up the wheels before I go home for the day.



Edited at 2008-04-08 04:58 pm (UTC)

(Deleted comment)
You are correct! Good thinking...

So its funny how people who have "huge" responsibilities, particularly at work, are generally the one's that end up being the slave-type.

And perhaps a lock with that combination (slut) would make a good piece for a PA piercing, it could almost be used as a chastity device too.

That style lock, as a bicycle lock, was easily picked in my youth by noticing if there was any horizontal play in the dial as it was moved to successive numbers. Play meant is was part of the combination.

I can find locks for nips or PA that say Master, but you can never find "Slave" or "Cub" or "Daddy's", etc... seems like an marketing opportunity going unfilled.

Re: Another technique

Hmm.. I've thought for years that someone needed to create a "slave" lock to go along side the Master lock. :-{) Seems like it wouldn't be THAT hard to do...

Most of those style of locks are easily defeated not even while looking at them. I have a cheap cable bike lock that I can open behind my back with my eyes closed in about a minute or so just by feeling the change in backlash on the various dials while putting tension on the lock. I know the lock is pretty much worthless, but I still use it, since the bikes are cheap, for one, and it's only meant to keep someone from casually riding away. A determined thief can defeat any lock, but determination in this case would be to make off with a hundred dollar bike from Wal Mart.

puggish thought #1: There is a reason statistic sounds so close to sadistic.

puggish thought #2: a pug figures if someone is finally willing to put her in bondage, she has NO inclination to try to figure a way to get out of it! :)


(Deleted comment)
Good idea! Like a dictionary hack...

In high school, we learned that most of the master locks actually could be rotated while pulling on the lock and when the turning wheel had tension, you just hit the right number, so then switch directions and go to the next number... and repeat for the third and you were in.

I broke into a bunch of lockers during high school like that. (Frequently my own when I forgot the damn combo.) Didn't even take anything good (almost got a wrestling singlet once though *snicker*), it was more a test of ability.

Edited at 2008-04-10 01:28 am (UTC)

  • 1
?

Log in

No account? Create an account