by DoctorOetker
27 days ago
PIN number lock boxes are pretty unsafe. One could consider 2 simple solutions to stop someone trivially determining your PIN:

1) After closing the box, randomize the digits: humans are pretty bad at randomization. Imagine modeling the randomization delta: it won't be perfectly uniform, and the different discs would display similar distributions of rotation. Suppose spinning a disc to randomize it, one might have a peak at delta=+3 and sidelobes with lower frequency. Just a handful of observations when the codes were randomized will reveal the relative positions of the true code, and the only missing information is 10 possible global rotations, which is easy to brute force.

2) A second approach is to not let an attacker learn anything by always presenting them with the same information: instead of randomizing, always reset to the same value (0000 or 9999 or any other value of choice). But in this case another attack becomes extremely easy: acoustically detecting the number of indentation clicks used per wheel by recording: without access to actuation direction that gives 1 bit of direction doubt per wheel or only 2^4 = 16 combinations left, easy to brute force.

Anyone installing recording gear to record the clicks, or trying lots of combinations would - in addition to drawing unwanted attention - be pretty dumb to invest the time as there are much better and easier targets.
And good point, didn’t mention that, I do randomize the pin digits.
It is all tradeoffs between security and convenience. We aren’t hiding state secrets and that opens lots of options.