What's the best combination for my safe?
July 25, 2015 11:48 AM Subscribe
Please help me find the most secure setting for this rudimentary push-button safe.
This little safe, designed to hold a spare housekey, has ten pushbuttons numbered 0-9. To set the combination, you turn the screws located on the inside of the safe, one screw behind each pushbutton. So, if you wanted to set the combination code to 1-2-3, you would simply turn the screws behind pushbuttons 1, 2 and 3, and close the safe. To open the safe, push down button 1, button 2 and button 3 – and the door opens.
But it doesn't matter in what order you press the buttons. You could press 1-2-3, or 3-2-1, or 3-1-2, or 2-1-3, or 2-3-1. They all work: they are effectively the same combination code.
The combination could be just one button, or it could be all ten buttons, or it could be any number in between.
Clearly, a one-button code isn't very safe: a child could crack that in ten attempts at most. And a ten-button code isn't secure either, since it doesn't matter in which order the buttons are pressed – push all ten and the safe will open.
So what is the optimum combination, the one that statistically would be hardest to discover by random button-pressing? Is a five-button combo tougher than a four? Is an eight-button code actually easier to break than a six-button?
And a related question: how many potential combinations are there? It clearly isn't ten billion, even though there are ten digits, because 1-2-3 is the same as 3-2-1 etc. In fact, I think it's well under a million – by one calculation, I made it 135,782, but that might be way, way out.
Thanks in advance to anyone who might enjoy puzzling this out.
This little safe, designed to hold a spare housekey, has ten pushbuttons numbered 0-9. To set the combination, you turn the screws located on the inside of the safe, one screw behind each pushbutton. So, if you wanted to set the combination code to 1-2-3, you would simply turn the screws behind pushbuttons 1, 2 and 3, and close the safe. To open the safe, push down button 1, button 2 and button 3 – and the door opens.
But it doesn't matter in what order you press the buttons. You could press 1-2-3, or 3-2-1, or 3-1-2, or 2-1-3, or 2-3-1. They all work: they are effectively the same combination code.
The combination could be just one button, or it could be all ten buttons, or it could be any number in between.
Clearly, a one-button code isn't very safe: a child could crack that in ten attempts at most. And a ten-button code isn't secure either, since it doesn't matter in which order the buttons are pressed – push all ten and the safe will open.
So what is the optimum combination, the one that statistically would be hardest to discover by random button-pressing? Is a five-button combo tougher than a four? Is an eight-button code actually easier to break than a six-button?
And a related question: how many potential combinations are there? It clearly isn't ten billion, even though there are ten digits, because 1-2-3 is the same as 3-2-1 etc. In fact, I think it's well under a million – by one calculation, I made it 135,782, but that might be way, way out.
Thanks in advance to anyone who might enjoy puzzling this out.
on face value (it's not clear to me exactly how this works), choosing 9 buttons is equivalent to choosing 1 and the most secure combination is 5 buttons, which has "10 choose 5" or 252 different combinations.
(because the combinations are symmetrical and increase away from 0/10 (1 choice), through 1/9 (10 choices), etc)
posted by andrewcooke at 12:07 PM on July 25, 2015 [3 favorites]
(because the combinations are symmetrical and increase away from 0/10 (1 choice), through 1/9 (10 choices), etc)
posted by andrewcooke at 12:07 PM on July 25, 2015 [3 favorites]
Best answer: This problem is symmetric. Pushing eight buttons (and not pushing two of them) is statistically the same as pushing two (and not pushing eight). So, the greatest number of combinations is obviously found with five buttons. The number of combinations for the five on / five off situation is 10 choose 5 which is 10! / 5!5! = 252 possible combinations.
However, I think this is the wrong way of looking at the problem, as your theoretical attacker doesn't know how many buttons they need to try. Since every button can be either pushed or not pushed, the total number of possible combinations is 2^10 = 1024, but you probably want to remove the no buttons pushed case, leaving you with 1023. You can eliminate the one button, two button, and ten buttons cases if you like as well without making much difference to the total (56 less combinations, 55 more if you eliminate the 8 and 9 button cases as well).
posted by ssg at 12:09 PM on July 25, 2015 [1 favorite]
However, I think this is the wrong way of looking at the problem, as your theoretical attacker doesn't know how many buttons they need to try. Since every button can be either pushed or not pushed, the total number of possible combinations is 2^10 = 1024, but you probably want to remove the no buttons pushed case, leaving you with 1023. You can eliminate the one button, two button, and ten buttons cases if you like as well without making much difference to the total (56 less combinations, 55 more if you eliminate the 8 and 9 button cases as well).
posted by ssg at 12:09 PM on July 25, 2015 [1 favorite]
practically, you want about 5 buttons selected, and for there to be no obvious pattern.
one simple way to do this is to toss a coin for each button in turn, and set it if heads. there are enough buttons that you should get something pretty unrecognisable, with around 5 selected.
posted by andrewcooke at 12:13 PM on July 25, 2015 [1 favorite]
one simple way to do this is to toss a coin for each button in turn, and set it if heads. there are enough buttons that you should get something pretty unrecognisable, with around 5 selected.
posted by andrewcooke at 12:13 PM on July 25, 2015 [1 favorite]
Best answer: From a psychological point of view, if I were to try to crack this, I would definitely start with 3 and then move on to 4 button combinations on the theory that people are far more likely to choose them (mostly because they are easier to remember). On that basis, I would choose a 5 or 6 button combination for the best security.
posted by ssg at 12:16 PM on July 25, 2015 [2 favorites]
posted by ssg at 12:16 PM on July 25, 2015 [2 favorites]
Assuming optimal attacker strategies, the best choice is 5 buttons - 10C5 is 252. I see no reason not to assume optimal attacker strategies - this is a pretty simple safe.
posted by spielzebub at 12:16 PM on July 25, 2015
posted by spielzebub at 12:16 PM on July 25, 2015
Best answer: sorry, i geeked out a little...
the argument i gave above (toss a coin for each button) gives you the "best" combination on the assumption that the "cost" for an attacker to try any number is the same.
but, from your description, it seems likely that combinations with more buttons will take longer to test. so ideally you would want to select a combination that is appropriately skewed to larger numbers of buttons. because then there's no advantage for the attacker to try shorter combinations first.
so i assumed that the cost per combination is the number of buttons plus one (to test if it can be opened). a "good" way to find a "random" combination is then to select a random value weighted by those costs.
anyway, getting to the point. if you then sort the combinations by cost and run through them until you get to the "mid point" where the sum of costs of all combinations seen is half the total cost (which is 6144, incidentally) you get to an "average" combination.
the reason i did all this was because i though taking this into account, the average combination might be longer than 5 buttons. but it's not. so this was all a waste of time really.
posted by andrewcooke at 1:57 PM on July 25, 2015 [3 favorites]
the argument i gave above (toss a coin for each button) gives you the "best" combination on the assumption that the "cost" for an attacker to try any number is the same.
but, from your description, it seems likely that combinations with more buttons will take longer to test. so ideally you would want to select a combination that is appropriately skewed to larger numbers of buttons. because then there's no advantage for the attacker to try shorter combinations first.
so i assumed that the cost per combination is the number of buttons plus one (to test if it can be opened). a "good" way to find a "random" combination is then to select a random value weighted by those costs.
anyway, getting to the point. if you then sort the combinations by cost and run through them until you get to the "mid point" where the sum of costs of all combinations seen is half the total cost (which is 6144, incidentally) you get to an "average" combination.
the reason i did all this was because i though taking this into account, the average combination might be longer than 5 buttons. but it's not. so this was all a waste of time really.
posted by andrewcooke at 1:57 PM on July 25, 2015 [3 favorites]
Best answer: The other thing you need to keep in mind is that physical security is not all there is to security. Not telling people how many buttons are involved in the combination is part of security. Not advising people that 1-2-3 is the same code as 3-2-1 is part of security. I suspect that most people likely would not know that just by looking at the thing. This is counter-intuitive since it is not the way combination usually work. Most combination locks involve a set number of keys and the order matters. So make sure that you aren't casually going around commenting on that to people you know. It is sort of a funny thing and makes for a good anecdote, so some folks might be tempted to make small talk about such things, but that small talk compromises your security.
Because so many combination locks/codes require either 3 or 4 numbers, I would be inclined to not use 3 or 4 numbers. People who have no idea how this particular thing works will probably assume that it requires either 3 or 4 numbers and will probably start there. To me, that alone makes 5 buttons pressed a good place to start.
posted by Michele in California at 2:02 PM on July 25, 2015 [3 favorites]
Because so many combination locks/codes require either 3 or 4 numbers, I would be inclined to not use 3 or 4 numbers. People who have no idea how this particular thing works will probably assume that it requires either 3 or 4 numbers and will probably start there. To me, that alone makes 5 buttons pressed a good place to start.
posted by Michele in California at 2:02 PM on July 25, 2015 [3 favorites]
I would go with six, just as a human nature 'fudge factor'. In theory, yes, there are more possible 5-press combinations, but part of the secret is how many are pressed.
Also an important part of the secret is the binary number, any order pressed nature. Don't tell anyone that, because 1024 combinations is definitely not very deterring sounding. I could try them all eventually, if I wasn't in a hurry and remembered where I left off each time.
So, six, because I'd start with all the one press combos, then the twos, etc.
posted by ctmf at 3:50 PM on July 25, 2015
Also an important part of the secret is the binary number, any order pressed nature. Don't tell anyone that, because 1024 combinations is definitely not very deterring sounding. I could try them all eventually, if I wasn't in a hurry and remembered where I left off each time.
So, six, because I'd start with all the one press combos, then the twos, etc.
posted by ctmf at 3:50 PM on July 25, 2015
Combo locks being only a delaying tactic in the overall security plan, you'll want to locate this in an area where untrusted people don't get unsupervised access for more time than it would take to try 1024 times. Maybe a tell-tale feature like a tamper seal that has to be broken to make an attempt, with replacement seals limited to authorized people. It's really not that much security by itself.
posted by ctmf at 3:59 PM on July 25, 2015
posted by ctmf at 3:59 PM on July 25, 2015
Is this one of those keysafes that also padlocks itself to something, or is it just a small box that could in theory be carried off and discreetly smashed with a rock? Because if the latter, it doesn't really matter what the code is since a hypothetical attacker will certainly just do that. If the former, lock it to the house in a spot where it can only be opened in full view of the public (like a front porch railing, for instance) which will prevent your hypothetical attacker from being able to try more than a handful of combinations before looking awfully suspicious to any bystanders. Then you can make the combo basically whatever you like.
posted by Anticipation Of A New Lover's Arrival, The at 7:03 PM on July 25, 2015 [1 favorite]
posted by Anticipation Of A New Lover's Arrival, The at 7:03 PM on July 25, 2015 [1 favorite]
If this is a long term installation, you also need to change the combination periodically, because if you don't, the used and unused buttons will wear differently.
posted by Bruce H. at 7:51 PM on July 25, 2015 [3 favorites]
posted by Bruce H. at 7:51 PM on July 25, 2015 [3 favorites]
For those unfamiliar, MinPin is referring to KeyGuards, KeySafes, and the like. My office building has them on their utility rooms.
posted by zinon at 4:31 AM on July 26, 2015
posted by zinon at 4:31 AM on July 26, 2015
« Older classical music that is fast moving and upbeat. | Best practices for (re-)setting up a facebook... Newer »
This thread is closed to new comments.
Does the safe unlock as soon as the correct combination is pressed, or do you have to press another button to check the combination? Because I think that we're looking at likely human search strategies rather than statistically least likely to be a combination.
posted by straw at 12:02 PM on July 25, 2015 [5 favorites]