Math vs Pack Combination
You who use secret locks, be careful! Because with the basics of Combinatorial Analysis it is possible to discover the password in several models! First, let’s define the modus operandi of the users of the secret locks whose model involves several digits visible at the same time, so that they can then be positioned in the correct digits of the password.
Users of these padlocks select a password with the N digits X1, X2, X3, …, XN. As they consider the exhaustive search for this password impossible, that is to test the 9N combinations, they believe it is safe, soon they start to use the lock constantly. Each time they finish using the lock, make sure to shuffle the password, that is, choose Y1, …, YN so for all digits, Yi ≠ Xi.
If the shuffling process is carried out in a deterministic way, that is, always choosing the same Y1, Y2, Y3, …, YN. The analysis of the padlock on different occasions will always give the same information … however, if the shuffling occurs in a non-deterministic way (that is, it shuffles at random, without following any pattern), we will have:
Y11, Y12, Y13, …, Y1K
Y21, Y22, Y23, …, Y2K
Y31, Y32, Y33, …, Y3K
…
YN1, YN2, YN3, …, YNK
Thus, if for all digits Yi ≠ Xi (that is, whoever scrambled it made sure that no number of the password would remain in the final configuration). We can determine the frequencies with which each number appears in each digit. Digits with frequencies 0 will be candidates for the solution. This greatly reduces the space for combinations to be analyzed.
However, the risk is heightened for those who use several secret locks (such as computer lab technicians). Since an analysis of the laboratory’s M padlocks reduces its scope of possibilities.
Real example: in a computer lab, they use secret locks to secure ten of the computers’ cabinets. The password for each lock consists of 4 digits from 0 to 9.
When looking at the digit spaces, we can see up to 2 numbers (since they are not actually aligned as a password). Below I present the 10 configurations recorded on my last visit to the site. On the label of each column we have C-(padlock number), and in the lines below the two numbers visible in each space of the password.
C-1 | C-2 | C-3 | C-4 | C-5 | C-6 | C-7 | C-8 | C-9 | C-10 |
7-6 | 4-3 | 6-5 | 4-3 | 5-4 | 9-8 | 7-6 | 5-4 | 3-2 | 8-7 |
2-1 | 4-3 | 7-6 | 1-0 | 9-8 | 3-2 | 1-0 | 1-0 | 9-8 | 5-4 |
2-1 | 4-3 | 2-1 | 4-3 | 6-5 | 4-3 | 0-9 | 3-2 | 4-3 | 6-5 |
4-3 | 4-3 | 8-7 | 8-7 | 8-7 | 3-2 | 2-1 | 2-1 | 5-4 | 2-1 |
Analyzing the digits that do not appear in the Y1, Y2, Y3, Y4 positions of the lock, we have to:
Position Y1: 0 and 1 do not appear;
Position Y2: 7 does not appear;
Position Y3: 8 does not appear;
Position Y4: 0, 6 and 9 do not appear.
With this, we can reduce from the original combinations (9⁴) to the following 6:
1st possibility: 0-7-8-0;
2nd possibility: 0-7-8-6;
3rd possibility: 0-7-8-9;
4th possibility: 1-7-8-0;
5th possibility: 1-7-8-6;
6th possibility: 1-7-8-9.
However, it is worth noting that when we define the user’s modus operandi, we put the user to shuffle the password such that all digits Yi ≠ Xi. But if instead of everyone they were “almost everyone” or “the majority”, the problem would become a little more complex. Because we would need a much larger amount of samples to infer among those with lower frequencies (not necessarily the lowest frequency), which candidates are the solution.
Out of curiosity, I tested these 6 combinations in the same laboratory and none of them opened the lock. Which allows us to conclude that the technician’s modus operandi does not guarantee that Yi ≠ Xi. To decode these padlocks, we would then need to gather more results and choose as candidates those with lower frequencies, even if they are greater than 0.