My son got a new lock for school yesterday, it is a model 1500i Master Lock. As opposed to the classic wheel twist, this new modern lock has a joystick sequence to open. Push the bar: Up, Down, Left, Right, and then pull to open. It brings home; Hey Dad, look at this shiny new lock! As a computer programmer, my immediate response was "wow, this is not much space key"!
The default password is 4 steps 4 shares = 4 ** 4 = 128 possible combinations possibilities. On average, it will take only half that of brute force the key to this lock is "quite open". An entry every 10 seconds means about 10 minutes of hard effort and the lock is
Note: .. There is much good for the school, but stick with me on the idea
combination is user adjustable
Being from a family of mind security, my son change the password so it now 5 positions! This multiplies the key space conceptually 4 giving 512 combinations and increasing the average brute force to 256!
Would it be better than 10 actions? Sure, but it's like telling people to have more passwords ultimately you can not remember and it takes a very long time to come.
Comparison with conventional locks
I went to the store for lunch today and bought a lock master conventional locking dial. It has 3 digital selections in the range of 0..39. 40 ** 3 = 64,000 possible combinations. Much better! On average, I have to try 32,000 times to brute force.
used the key of space vs.
The conventional lock has 40 numbers, but you can "miss a bit" and the lock will still open. This means that 40 positions are not really 40. It is also the thing that the latest issue can really be judged continuously while turning the wheel, you can depress the key space quickly.
Understand it would be good to have a real specific number, I went looking.
The power of Google search finds college class materials Professor Traynor at Georgia Tech, which includes references to a document by Matt Blaze (see page 5 PDF) studying the problem. The example of the class uses a commercial security lock with 100 positions = 100 ** 3, which reduced to 22,300 real possibilities once you get rid of the "fluff" and invalid passwords. For example, there are whole regions of the ring that may be used for the last number. The 0..39 master lock is bound to be much less. Again, there is much good for school children
I must say, really cool that GA Tech has a class on piracy locks
Okay. - . I am lost in the calculation.
Back to the point: The password is not really important. Whether the number of tests is 256 for locking the handle, or 22,300 for a fairly good commercial security, it is even easier to attack the lock otherwise.
time to study
You can kill too much time with this, but visit youtube and search for "Hack Master Lock". Here you will find 47 children under 5 showing you how to use a coke box and a pair of scissors to bypass the lock master "password" in minutes. Each of them can do it in less than 15 seconds, but I must say that very few do it with good lighting, cinematography is generally poor and they always have their hands covering the lock at the precise moment of clarity!
swallowed a coke and tried it myself, a good time. So far I have not managed to do it, but I will!
The key thing to note is that the quick method for hacking the lock does not even touch the dial password! No matter how many numbers are the password, no one will enter!
comparisons to computer security
We are all excited, "Passwords should be really long and must include special characters"! Communication protocols must use "very long keys!" RSA 2048 is surely better than RSA 1024! Make sure you change your password every 60 days! This is all great, but when a 5 year old with a "coke can" can bypass the password all together, the whole discussion of the length of the password lack rather the point.
Keeping things protected in computers is ... difficult. We connect to the Internet and tell the world not to enter. He is difficult. Foreigners are not trustworthy! Insiders are not trustworthy. You are not trustworthy. You are director hacked too!
I find the coke can hacking an interesting topic. The parallels to IT security are too fun to pass up - and a little disturbing
Hopefully you enjoyed this ...
-Joe North
.
0 Komentar