1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: What combination locks teach us about encryption weakness

Discussion in 'CSO' started by RSS, May 19, 2015.

  1. RSS

    RSS New Member Member

    Last week, an interesting story made the rounds on social media about a researcher named Samy Kamkar who discovered a flaw in Master-brand combination locks and was able to open the lock in eight tries or less. It’s a great discovery and is of particular interest to security professionals because it teaches us about encryption, the concept of brute-force attacks and weaknesses in implementation.

    First, let’s start with combination locks.

    A standard Master-brand combination lock has 40 numbers on a wheel. It’s unlocked by turning the dial to the first number, second, then third. In total, there are 64,000 possible combinations on a lock of this type. I chose 10 random combinations and timed myself on the lock to see how long it would take for me to rotate through them. It took me about 12 seconds per combination so to try all 64,000 possibilities, it would take me up to nine days of non-stop working the lock to guess the correct combination. In cryptography, this is called a brute force attack – trying every single possible combination until the one that works is discovered.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page