
Wednesday, September 7, 2011

Artificial Code Restrictions on Safe Locks



If you service digital locks at all, you will discover the methods some people use to select a code. The convenience of letting the end user set a combination also means they sometimes choose poorly. The most common Group 2 locks accept a six-digit code and so have one million theoretical codes. Some are already in use as instruction or factory codes, and you really should also toss out codes like 111111 and 999999. This means there are fewer than one million, but it is very close.

A new code is often chosen with some method to aid memory, but this has the problem of significantly restricting the pool of codes being selected from at any time. This is less of a vulnerability during a midnight break-in, where the intruder knows nothing of the safe except that it has to be in here somewhere. The greater risk is from unauthorized staff or former staff who may have seen somebody open the container or who know the system used to get a code. I once heard a manager tell another that the safe code is always a six-letter word spelled out, and it was said with unauthorized staff in the room. (The risk here is lessened by this being a locked office to which only the managers have keys, and the place runs 24/7. However, why was it lessened at all?)

With that, I am going to explore the mathematics of how some of these methods of code restriction affect how many codes you are really choosing from when you could be selecting from a pool of almost one million. I have built these around the LaGard 33E keypad (seen above), which is very common in the North American trade. There are other keypads, and while the shape differs, the fundamental problem persists. I will show and discuss these below.


Doing Some Lines of Code

One of the common methods is to choose a pair of straight lines to get the six digits needed. You can write out all the common three-number blocks on the face of the above keypad, and to get more codes I have even included the three-number crooked lines.

Simple Lines
123 & 321
456 & 654
789 & 987
147 & 741
258 & 852
369 & 963
580 & 085

159 & 951
357 & 753

Humps and Valleys
426 & 624
759 & 957
153 & 351
486 & 684
709 & 907

Arrow Points
157 & 751
268 & 862
248 & 842
359 & 953
426 & 624
759 & 957
153 & 351
486 & 684
709 & 907

Assuming the end user gets no fancier than this, you have exactly 46 sets of three-number blocks. Since a code would be any triplet followed by another, the number of possible codes from this system is 46 x 46, or 2116.

So let's be clear.  You have thrown away over 99% of the possible codes to make it easy to remember.  It does not seem a good price to pay for the memory advantage.


Six Letter Words

End users will use a six letter word to make a code. Doing this, 'lemony' gets you '536760' on the LaGard keypad above.  In any such list, there are words which many users would know like 'mammal' and words few would know like 'meloid'.[1]  If you are looking for a simple way to learn the code, the codes from common words would still be more common than chance.

I could find no definitive source, but this page claims to show the six-letter words in English:
http://clubefl.gr/games/wordox/6.html
It does not give a count. I printed it in small type, counted the items on a few lines, and counted the lines to get about 15 000 items. This roughly agrees with other sources I found.

There are two ways you can get more choices for a code. You can use a phrase of shorter words to get to six letters, such as "big egg". Also, shorter nouns can be pluralized or verbs moved to another tense to get to the needed six letters. On the other hand, it is possible that some of these words convert into the same six-digit number, since some keys carry three letters which all give the same digit. I can think of no way to research how many codes this would get, but it could be roughly double the number of six-letter words. So let's assume we get to 30 000 codes. The lock allows just shy of a million codes, and this system leaves about 97% of the possible codes unused. I would say not a good choice either.
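The following is an added example, not part of the original post: a small Python check that flags a proposed code if it falls into either restricted pool discussed above (two keypad-line triplets, or a six-letter word or phrase). The letter layout is an assumption chosen to match the post's 'lemony' example, and the word list is constructed sample data.

```python
# Added example: flag six-digit codes produced by the two shortcuts above.
# LAYOUT is an assumed letter grouping that matches the page's single
# example ('lemony' -> '536760'); check it against the real keypad.
LAYOUT = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl", "6": "mn",
          "7": "opq", "8": "rst", "9": "uvw", "0": "xyz"}
LETTER_TO_DIGIT = {ch: d for d, group in LAYOUT.items() for ch in group}

# Three-key runs listed on the page, forward direction only.
FORWARD = ("123 456 789 147 258 369 580 159 357 "
           "426 759 153 486 709 157 268 248 359").split()
LINE_TRIPLETS = set(FORWARD) | {t[::-1] for t in FORWARD}


def word_to_code(text):
    """Map a word or phrase to keypad digits, skipping spaces and symbols."""
    return "".join(LETTER_TO_DIGIT[ch] for ch in text.lower()
                   if ch in LETTER_TO_DIGIT)


def codes_by_word(words):
    """Group six-letter entries by the code they produce (shows collisions)."""
    table = {}
    for w in words:
        code = word_to_code(w)
        if len(code) == 6:
            table.setdefault(code, []).append(w)
    return table


def audit(code, words):
    """Return the reasons a proposed code belongs to a restricted pool."""
    if len(code) != 6 or not code.isdigit():
        return ["not a six-digit code"]
    reasons = []
    if len(set(code)) == 1:
        reasons.append("single repeated digit")
    if code[:3] in LINE_TRIPLETS and code[3:] in LINE_TRIPLETS:
        reasons.append("two keypad-line triplets")
    if code in codes_by_word(words):
        reasons.append("spells a listed word")
    return reasons


# Constructed sample list; substitute a real dictionary file.
SAMPLE_WORDS = ["lemony", "mammal", "meloid", "banner", "canner", "big egg"]

if __name__ == "__main__":
    for candidate in ("536760", "123987", "111111", "769850"):
        print(candidate, audit(candidate, SAMPLE_WORDS) or "no pattern found")
```

In the sample list, 'banner' and 'canner' produce the same code under the assumed layout, which is the collision effect described above: the word pool yields fewer distinct codes than it has words.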


Other Key Pads

You can see two types of variation in these other pads. If they arrange the numbers in a different pattern, the method of getting lines of numbers changes slightly. As such, the number of lines changes slightly, but the basic problem remains. Also, sometimes the mapping of letters onto the number keys is different, so the same word will generate a different code. [2] English still has the same number of words and six-letter phrases, so that problem is the same.

However, some of these allow codes longer than six digits, or even allow different users to have codes of various lengths at the same time. While this changes the numbers, the ratios become even worse, not better. You are still tossing out more codes than you are keeping with either method above.

Sargent and Greenleaf. Like our example but the letters are under different numbers.  It does not always take a 6 digit code.

AMSEC keypad.  Another common brand.  Notice no letters.
LaGard Basic Keypad.  The numbers are in a different shape so the top line could give 123 and then 234 while the verticals could give 269 and 370.  Still limiting.

Found on the net.  No more detail than that.  It just looks fun.
A gun safe.  No letters to guide you. Has a key override, so if you do forget the code, you can still open it.
A common hotel safe.  Only takes 4 digits so only has 1000 codes. More secure in that you do not store anything in it for a long time, which limits the time for a person to hack or learn your code.  Typically, upper management of the hotel can override this lock and also open this safe.

Some Methods to Choose Better Codes

Well, almost anything is better than those above.  If a method tosses out 10% of the possible codes, it is probably workable.  Here are three I like and since you do not know which I am using when, good luck working backward.

The phone book gives lots of numbers.  Go to some page which you can remember such as page 39 -- my age, honest.  Choose the last two digits of the first three numbers in some column.  My code would then be 55-57-28.  I would have to remember which phone book, which column, my system and my age.  (I have also chosen the last digit of the last six phone numbers on the page.  My code would now be 769850.)

A little old book of math tables.  You find these in old book stores often for a dollar.  They have pages and pages of numbers of things like the cubic roots of all the numbers from one to 100.  Go to some page which means as much as a tax table to you and find any six digits in a row.  Next time choose another page and point to pick your 6 numbers.

Nice little book from 1918.  It was the 'calculator' of its day along with a slide rule.

Carry a few pages of numbers from Random.org (http://www.random.org/integers/) and when you want a code just pick 6 numbers.  You could toss this out from time to time and get a new one. (Do not circle or mark the numbers you choose.  If somebody finds the pages, it is giving away too much information.)  Or, if the screen is right there, just pull up the page and use it once.

There are also many other systems to find collections of mixed up numbers and if you go to a different source each time, then your safe code will not fall into a pattern.  My goal was just to dissuade you from using two systems to get a safe code which clearly lack the random nature needed to give you the security you paid for in this safe with this kind of lock.

------------------------

[1] I do not know this word.  I hope I did not just swear!  (Well, I just looked it up and it is a group of beetles.  So relieved.)

[2] You might have noticed that telephones arrange the keypad with 1 on the upper left but computers put it on the lower left.  I went looking for the reason historically, but closest I found was this from How Stuff Works: http://www.howstuffworks.com/question641.htm

