2

I am debating with a friend about the security of a building lock that uses four user-selected digits as input. His argument is that it's enough physical security to deny someone access long enough for the people inside to take whatever action they want. I argue that because there are about 200 people who have access to the building, and they all set their own codes, probably dates of some kind, entering a few random numbers will open the door quickly enough. There is no lockout mechanism on this door.

What is the correct way to analyze this problem?

ipartola
  • 121
  • 2

2 Answers2

4

A four-digit code has 10,000 possible values. If the users are picking their codes randomly, then the birthday paradox says that it's virtually certain that some of them have the same code.

But assume there are no duplicates. This generates the second-best-case scenario for an attacker: any given code has a 200 in 10000 chance of being correct, or 2%. After about 34 tries, there's a 50% chance of having gotten in.

The best-case scenario for an attacker is that users pick memorable codes. In this case, punching in "1234", "9876", and "5555" is virtually certain to open the lock.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • Yeah, birthday paradox makes me think that some well definitely be duplicates, and human nature suggests that not all possibilities are equally likely: 0000 is more likely than something like 8975 which is not a valid date. But does this imply real risk, given that the attacker can try roughly one code per second? Seems like with no duplicates, 34 seconds gives the attacker a 50/50 shot at opening the door, but possibly trying common combos is even faster? – ipartola Mar 07 '17 at 23:27
  • I'd assume the building lock probably isn't there to keep out determined people. It's there as a first barrier to entry - to keep out people who may be a bit too curious, but aren't criminals. As Mark explains, the four-digit combination lock won't keep out a determined criminal for long, and if he wants to gain entry, he has basically the whole night to try and punch in codes, so even if he had to try every single one, it wouldn't deter him for long. And with 200 people living in the building, a stranger probably won't even be noticed, unless there is a guard watching the entrance 24/7. – Out of Band Mar 07 '17 at 23:41
1

The correct way to analyze this problem is to identify threats and manage them. Think about who you are preventing from entering the building, and what the consequence would be if he breaks your security. Do you worry about fired employees who come to wreck something in the building? Maybe they'll throw a brick through the window instead of trying 34 keycodes. Or maybe a robbery is your biggest threat because you have very expensive equipment in your building. Think about what can happen and how to prevent that.

Sjoerd
  • 28,707
  • 12
  • 74
  • 102