?

Log in

No account? Create an account
Previous Entry Share Next Entry
Lockpicking
Face
mudcub
I work for the government in a secure facility. So, I have to walk past a set of security guards each morning, my belongings are searched, then through a set of locked doors with my keycard and password, then through the building and into *another* set of locked doors into a special "super secret" work area arrive at my desk. Leaving the office (or even to use the bathroom), requires this same process in reverse.

I have over 10 computer passwords I have to memorize (and not write down). I have to unlock file cabinets and safes and these weird electronic locks where the numbers move at random so anybody looking over your shoulder can't see what buttons you are pressing. Anyway, we also have locks like these:



This isn't the real lock... this is a lock I use on my bag for the gym. And that's not my real combination (though maybe it should be!) Of course I can't bring a cell phone or camera or iPod into the office to take a photo of the real lock. The real office locks have numbers on them, not letters like the one above. The numbers go 1, 2, 3... and so on. The number 1 is directly opposite the 6, and the 2 opposite the 7.

Every day before I leave work, I flip the combination with my thumb. Sometimes I turn all the numbers up, and sometimes down at random. However, I was thinking about ways to subvert this style of lock. If I was a terrorist (which BTW I am not), I think there are strategies that make these locks unsafe:

1. Brute force. As you can tell, there are only 10,000 possible combinations. And it would be easy to try combinations by sliding each ring slowly and gently pulling. Plus, there seems to be a lot of "give", and you can still be a number off and the lock will still open. That reduces the possible number of combinations from 10*10*10*10 to 8*8*8*8 = 4096... less than half. Over a period of weeks, brute force could work.

2. If I assume that I always shift each ring, and the shift is random up or down, I bet that the original  number is never chosen. To do that, I would have to rotate a ring one complete revolution, and that would never happen. Let's say the original number is 5. I bet I would get a lot of 1/2/3 or 7/8/9 combinations. But rarely 0 and *never* 5. Then,track the mixed-up numbers over a period of weeks and try out the probable answers.

3. Or contrarily, if I assume that I sometimes forget to shift a ring, I can keep a list of the mixed up numbers at the end of the day. The numbers that show up a lot are probably the "unshifted" rings and are part of the solution.

4. A trickier method is to use statistics. For example, if the first digit is 5, I bet that I often move it up or down 3 places, give or take 1. Even if I don't assume motion or non-motion (as I did in #2 or #3 above), I bet the mixed-up numbers form a gaussian (aka "bell curve") around the solution. Or maybe the union of two gaussian curves, each offset slighty and centered around the answer. Statistics could find a sorted list of probable solutions. Maybe I'll dig out my college stats book and work on this approach.

5. Conjoined answers. My thumb often turns more than one wheel at one time. I could treat the mixed-up numbers as dependent and not independent variables. That might help use a solution for one wheel to find the solution of its neighbor.

As you can see, this type of lock is not very secure. It's a good thing it isn't locking up anything really important at my office. I'm always tempted to bring security concerns like this to my company. But I learned the hard way, that they aren't interested in making the office more secure than they are at laying blame.

Three years ago, I sent a memo that there was a disposal bin at the end of a dark hall full of top secret documents waiting to be burned and destroyed. There was construction going on, and this once visible container was now hidden behind some plywood barriers. I told the security office that anyone could stand for hours sorting through the trash and not be seen. A ruler or pencil could fish documents out of the top slot, to be snuck out of the building later. Because of the nature of the burn bin, it was full of the juiciest top secret documents - there was more sensitive stuff in there than there would be locked inside my desk. Instead of being rewarded for my diligence, I was subjected to a two hour interrogation about why I was curious about the burn bins. I have since learned to drop any plans or thoughts I have on security issues at work. Ah, life as a government contractor.

I propose to chain up  eric_mathgeekwith several of these types of locks and see if he can use mathematics to free himself. I will be submitting my grant proposal for this work within the week, and expect to get funding by July. I call the field "Applied S&M"... statistics and mathematics.

  • 1
In high school, we learned that most of the master locks actually could be rotated while pulling on the lock and when the turning wheel had tension, you just hit the right number, so then switch directions and go to the next number... and repeat for the third and you were in.

I broke into a bunch of lockers during high school like that. (Frequently my own when I forgot the damn combo.) Didn't even take anything good (almost got a wrestling singlet once though *snicker*), it was more a test of ability.

Edited at 2008-04-10 01:28 am (UTC)

  • 1