2

I have the following key safe and need to decide upon a combination for it.

keysafe

It's fairly simple mechanically with these features:-

  • It allows the characters 0-9 and A and B (12 possible digits in total).
  • The combination can be 4 to 12 characters long.
  • Each button can be used only once.
  • A weirdness is that the buttons can be pressed in any order for the same code, so 1234 is the same code as 4321.
  • Once you've entered the correct code, you turn the knob to open the safe. It doesn't spring open immediately upon correct code entry.

From the manufacturers website FAQ:-

"The C500 Police approved key safe has 4,096 possible code combinations"

It seems to me that the security /difficulty of the combination will depend on how many digits I set, but I can't figure out how many is best. Intuition suggests to me that the longest possible code is the most secure. But. Clearly if it's 12 digits long, and they're identical in any order, there can only be 1 combination that's 12 characters long. That's not good. Any ideas?

Paul Uszak
  • 499

4 Answers4

3

The $4096$ combinations represents $2^{12}$ as each button can be part of the combination or not. You have twelve binary choices, so multiply twelve $2$s together. Perhaps we should delete the combination with no buttons as the lock is then always unlocked. As long as nobody knows the length of the combination, any one of them is equally secure. If the length of the combination is known, the best you can do is six buttons, for which there are ${12 \choose 6}=924$ choices. Intuitively you want an equal number of buttons pressed and unpressed for the maximum.

Ross Millikan
  • 374,822
1

There are $4096$ subsets of the twelve element set of possible keys. That's the number advertised - it's not quite right since it includes keys with fewer than four elements, but that's not very many.

The length of the key is really part of the key since when you turn the knob and it fails you have to start over. That means there's no advantage to choosing the length for the maximum number of possibilities (that would be $6$).

You could argue that short codes are easier to test by brute force (there are "only" $495$ of length $4$) and that someone trying to break in systematically would try them first since they are easiest to type.

Ethan Bolker
  • 95,224
  • 7
  • 108
  • 199
0

One possible issue I see is that a possible intruder may not know the details of the lock and may make their own assumptions regarding how the lock works (for example, they might think that the order of the buttons pressed does matter or they might assume that length of the key is four digits like a pin).

Also, even if they knew the details of the lock, it is opened via human input and not a computer and humans are notoriously bad at picking numbers randomly. In addition, a possible intruder might try combinations they believe people would likely set.

Due to all of these factors, it's important to keep in mind that the probability distribution of an intruder picking amongst the 4000-ish keys for your lock is not uniform.

benguin
  • 3,846
  • I think that you have to assume that the burglar knows how the lock works better than the company that designed it. Certainly it's negative features. – Paul Uszak Mar 12 '17 at 00:35
  • To give an example, say the OP sets their key to the unique key that contains all 12 characters. If a burglar approaches the lock for the first time and is unfamiliar with this specific type of lock, they may incorrectly assume that the ordering of the key presses matter. In this case, if the burglar uniformly picks from amongst the set of ordered key presses, then $12!$ of them will be equivalent to the OP's key. Clearly, if the OP had chosen a different key, there would be fewer than $12!$ ordered key presses that are equivalent to it. – benguin Mar 12 '17 at 01:12
  • So that's an example where a $12$ digit combination would not be optimal. – benguin Mar 12 '17 at 01:13
0

Really depends on how the code cracker goes about exhausting the possibilities. Lets say he starts with all the one digit codes, then all the two digit codes, and so on. Then the twelve digit code will take him the longest. If he goes the other way, the twelve digit code will take the shortest.

Note that the code cracker doesn't know what length you choose, so you can't choose it strategically to make his job harder unless you have an idea of his strategy.

manofbear
  • 2,271