Friday, May 10, 2013

door lock or password?

found on the meta picture

this won't work on all locks, of course. some (most?) lock by turning in one direction and unlock by turning in the other direction, so if you turn them all in the same direction you're either locking them all or unlocking them all. still, if/when it does work, it turns door lock security into password security.


Anonymous said...

Actually, it ADDS password security to the door lock security. Each lock adds another bit to the password (n locks - n bits)

The cost to brute-force a single password is the same as the cost to pick all of the lock that you think are currently locked, so on average n/2 locks. It's not cumulative because if you engage a lock you need to re-pick it to disengage it. The best you can do is sort the passwords in grey code order, which means you change only one bit from one experiment to another, that's 2^n-1 lock pickings for brute forcing, or on average half of that - 2^(n-1)-0.5. The -1 is because the all-unlocked combination is not considered.

In this case, having 6 locks, she's increasing the time to unlock by an average factor of ~32, if she chooses a random combination. If it takes 2 minutes to pick a lock, it will increase to over an hour on average.

If she insist on the silly technique of locking 3 all the times, it reduces the number of possibilities to 19 so only 9.5 combinations on average.

I would recommend she changes her tactic to select a random combination and change it frequently.