• phil (unregistered)

    If it's one of those mechanical locks where you can only use a button once in a combination, it takes just a few minutes to cycle through the entire universe of possible combinations. I know because I had to do it on a lock at work a few years back. Three digits, no repeats allowed - 5 minutes tops.

  • (cs) in reply to gwenhwyfaer
    gwenhwyfaer:
    ChadN:
    AngryRichard:
    Apparently, 24 possible combinations was enough to keep the art students out.
    For a keypad with 10 digits...
    ...which is why the post you're replying to specified a keypad with 4 digits. I'm guessing what really kept the art students out is that they didn't read the question either.

    Thanks for your polite reply, and now I understand the situation. My confusion was the joke about 24 combinations being enough to foil the art students, which I took to mean the lock only allowed unique digits (which would be insane for a 4 button keypad). If in fact the art students didn't know the restriction specified by the professor, they are being foiled by potentially many more possible combinations.

    Actually a rather clever assignment, and perhaps I wasn't the only one confused by the description. I'll try harder to comprehend next time, your majesty.

  • Coyne (unregistered)

    I went to take a course at a training room once. It had 30 nice computers, so the building manager had a lock installed on the front door.

    The secretaries were not allowed a key to this door, naturally (can't trust them after all). The building manager that had the key wasn't there, since our course was (by arrangement) outside normal business hours.

    So how do we get in for the course?

    Well, the room also had a back door, into an adjacent room. That door had the keyhole on the inside of the training room and a standard pushbutton on the outside. Turn the knob {click), enter through that door, walk to front door, unlock front doors. (The secretaries were even kind enough to suggest this approach...and, yes, it was clear they thought it was silly to have a backwards lock on the back door.)

    When we were done with the course, one of us relocked the front doors and exited through the back. (We even locked that door, FWIW.)

  • Kryo (unregistered)

    Doh!

  • Anonymous (unregistered)

    Years ago I was the IT Manager at a company and I had a master key, until the CFO decided that no one but facilities should have a master key, so I had to give mine back. In it's place I had about a dozen keys to get into all the offices that I needed access to. One Saturday I needed to get into a place that I didn't have the key for, so I went looking for a way to get in. I knew where the key safe was and checked that, but it was securely locked (of course). So I thought "where would the facilities guy put the key to the key safe?" carrying it with him was unlikely, since he only needed it in the building and his desk was not in a locked office, just in the corner of the warehouse. Open the top drawer and there was a key that fit the keysafe perfectly and inside were all the confiscated master keys neatly labeled to make it easy to borrow them as needed.

    Then, a few weeks later, Mr. CFO came in on a Saturday without the key to his private office. He came and asked me to let him in. I reminded him that he made me give up my master key (trying not to smirk in an obvious fashion). He was really upset that he was locked out, so I finally got a ladder and crawled over the wall via the suspended ceiling, making a big deal of my commitment to helping him out of his predicament.

  • adjuster (unregistered) in reply to esquilax
    these Simplex locks ship with the combination 2+4 then 3. try that first. 90% of the time, nobody bothered to change the combination.
    That's rich. That's the simplex combination on one of my Customers' server rooms! Tee-hee...
  • (cs) in reply to Eric76
    Eric76:
    In many places, hitting the fire alarm opens every electronic door. That way, the firemen won't be locked out from the fire they are there to extinguish.

    ... and if not, firemen have this handy global passkey tool:

    [image]
  • Eric76 (unregistered)

    On the subject of master keys, when I was a math grad student back in the 70s, my officemate, Paul, had managed to acquire a master key to the entire math department from another grad student who was leaving school.

    Of course, he had no authorization of any kind for the key. But it was handy since our keys would only open the front door even though we nearly always wanted to go through the back door. To the best of our knowledge, there were only three people who knew he had the key, one of whom was no longer there.

    One day the departmental secretary came by looking for someone and mentioned that she was trying to account for all the master keys in the building. As she was walking away, I told her that if she found any not in use, I'd like to have one.

    I was sure surprised when she answered back with "Why don't you just borrow Paul's key?"

  • Frederic (unregistered)

    In response to those commenting on how hard it is to brute force keylocks... I once bruteforced 16000 out of 16800 something possible combinations on a codelock for a game called Atlantis by Cryo. The key was regenerated every time you started a new game, and you were supposed to notice a hole in the wall right before a locked room where you could see the code... I didn't notice the whole, and the hidden drawer... and I didn't have a recent save game, so I sat for a couple hours iterating over all the possible combinations... 4 dials with I think 8 combinations each? I don't remember anymore... but brute forcing that much doesn't mean much if someone actually has a reason... mine was just I wanted to get to the next room...

    CAPTCHA pointer

  • Wacky (unregistered)

    I once bruteforced my way into a 4number passkey guarded door in a game called "maniac mansion", luckily the key "0000" worked so i got it on the first try :-p

    Dunno of that was intentional by the game or if i somehow triggered some bug....

  • (cs) in reply to Wacky
    Wacky:
    I once bruteforced my way into a 4number passkey guarded door in a game called "maniac mansion", luckily the key "0000" worked so i got it on the first try :-p

    Dunno of that was intentional by the game or if i somehow triggered some bug....

    Well... search for "HOW DO I FIND THE SECRET COMBINATION TO THE LABORATORY" on GameFAQs' walkthrough of Maniac Mansion ;-)

  • jks (unregistered) in reply to boolean
    boolean:
    it would allow the correct code to be entered in the middle of a bunch of wrong numbers (ie, if the code was 1234, typing 987123456 would work. He produced an optimized sequence of about 300 numbers that, if typed in correctly (it would only take a few minutes), would be equivalent to trying every combination

    That's called a de Bruijn sequence. (If you have 10 digits and a 4-digit code, obviously you need a sequence of at least 10003 button presses, since there are 10000 possible combinations and the first three presses do not complete a combination. This bound is achievable with the de Bruijn sequence.)

  • SQB (unregistered) in reply to The Fox
    The Fox:
    I'm reminded of the lock in the care home where my grandma used to live. They had a poem posted above the keypad that was something like, Nine trees on a hill Three dogs barking Eight boys playing violent video games (or something roughly like that) It kept in the people they wanted to keep in, anyway.
    I once saw an even simpler version of that. Next to the door was a sign that stated that the combination was the current year. Kinda sad -- apparently the people they needed to keep in were so far gone that they didn't know what year it was.
  • David V. (unregistered)

    Just make GRG a WTF team member already, I love his articles like a fat kid loves cake.

  • (cs) in reply to Coyne
    Coyne:
    Well, the room also had a back door, into an adjacent room. That door had the keyhole on the inside of the training room and a standard pushbutton on the outside.
    That was the same method we used to get into a classroom at our local TAFE (sort of a mix of "community college" and adult learning type places). The IT "hardware room" (classroom for students to play with hardware) had a storeroom with a copier in it. It was also the copier used by most teaching staff, so the external door was almost always propped open. Walk in, turn the handle on the next door, and we were into the hardware room.

    Apparently it's been fixed now...

  • Anonymous (unregistered) in reply to boolean
    boolean:
    I read somewhere once (can't find it now) that someone had found out how to crack a particular car's combination door-lock. It turns out that it would allow the correct code to be entered in the middle of a bunch of wrong numbers (ie, if the code was 1234, typing 987123456 would work. He produced an optimized sequence of about 300 numbers that, if typed in correctly (it would only take a few minutes), would be equivalent to trying every combination. Quite interesting stuff.

    That was one of my 1st year assignments in a CS course. This optimization problem can be solved by using graph theories. I can't remember the details of the solution any more, and I'm too lazy to work on it again seriously.

    But if memory serves, it involves finding a Hamiltonian trail through all the nodes in the graph, in which each node represents a possible code, and edges connect codes that overlap with one another except for the first or last digit. e.g. 1234 would connect to x123 and 234y, where x and y are any digit. The Hamiltonian trail will represent the sequence of codes you need to enter to try all the codes on such a combo-lock. Further, it can be proved by induction (on the length of the code) that such an optimal sequence always exist! The proof is constructive, too, meaning that it does not only show you that the solution exists, but also demonstrates how you can find one.

  • Blame (unregistered) in reply to Stanley Szoctziczsky
    Stanley Szoctziczsky:
    IHaveNoName:-(:
    I was expecting the key to be 1 2 3 4

    Hey! I have the same combination on my luggage!

    My girlfriend has luggage with a combination lock which isn't 1234 or anything silly. One time, after returning from the US to the UK and home, she opened her case and found an official form saying that it had been inspected. They'd opened it up, checked it out and locked it again, even setting the dials back to the 0000 that she'd left them on. Bosh!

  • Johannes (unregistered)

    All the people coming up with mathematical formula and long explanations to prove the number of combinations...ehrm..why is it so hard to consider that with a decimal keypad of 4 gitis you get 10000 possible combinations? It's just a number from 0000 to 9999.

  • Johannes (unregistered)

    gitis? digits

  • Azd (unregistered)

    On a similar note:

    The CS building at my old University had a code access on the main door, so we could use it at any time of day.

    Initally the code was 0004, but when we found that simply pressing 4 would also open the door, it was quickly changed to something that didn't begin with 0.

  • JLovesCupcakes (unregistered) in reply to Azd
    Azd:
    Initally the code was 0004, but when we found that simply pressing 4 would also open the door, it was quickly changed to something that didn't begin with 0.

    I hereby vote this at The Real WTF!

  • Hallvard (unregistered) in reply to travisowens
    travisowens:
    1-2-3-4? Amazing! That's the same combination on my luggage
    Another variant from User Friendly
  • (cs) in reply to Not Zygo ;-)
    Not Zygo ;-):
    mike5:
    wilkeson:
    I was half expecting the code to be: 1 2 3 4

    Amazing! That's the same combination a have on my luggage.

    I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

    I don't need a lock on my Luggage. Luggage will eat those that try to touch my stuff. :)
  • nombody (unregistered)

    A data center at a large financial services company that I once was sent to on assignment had very strict security. In order to get a keycard into the data center you had to give them your drivers license. The only problem was they didn't actually check to see if you were an employee or not. They kind of assumed if you made to the lobby of the data center area that you were allowed to go in.

  • Duston (unregistered)

    Maybe this was the same server room that had the toilet and mouse holes in the floor?

  • automata (unregistered) in reply to joomama
    joomama:
    Of course to art students 4! is just a loud four.

    It was a four 'with enthusiasm' to our Computing and Managament students, in a second year security module. Dread to think what they're doing now.

  • IT Guy.... (unregistered) in reply to joomama
    joomama:
    AngryRichard:
    The math department in our university had a lab with a bunch of top-of-the line Macs for running Mathematica (this was the shiznit back then), guarded by a similar 4 button cipherlock.

    In the first week of class, we were told about the lab, but not given the combination. Rather, we were told that the combination was 4 unique digits...

    Aparently, 24 possible combinations was enough to keep the art students out.

    Of course to art students 4! is just a loud four. ?

    Um... guys... that's 4 numbers out of 10. Key pad has 0-9 on it. That'd be 10!/(10-4)! or 10!/6! which is 5040 combinations. Not 24.

    Math department indeed...

  • Bob (unregistered)

    What is the problem here? As designed, the bad guys were kept out, the good guys got in.

  • IT Guy.... (unregistered) in reply to IT Guy....

    Whoops... I see now.

    Ok, nm.. :P

  • dolo54 (unregistered)

    This talk of 4 digit combinations reminds of the good old days of phreaking. back in the day mci gave out 5 digit codes to all their customers to allow them to make calls anywhere on their bill. Of course with only 5 digits and millions of customers it didn't take long for punching digits at random to come up with someone's number. Sometimes "my friend" would get one within the first 5 tries. He says, "tell your parents sorry about the massive phone bill and thanks for that totally awesome copy of boulderdash deluxe!"

  • Smitty (unregistered)

    I'm new here. So who is G.R.G?

    Regards,

    Smitty

  • (cs) in reply to Not Zygo ;-)
    Not Zygo ;-):
    mike5:
    wilkeson:
    I was half expecting the code to be: 1 2 3 4

    Amazing! That's the same combination a have on my luggage.

    I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

    The full quote is more like: Guy 1: The secret code is 1-2-3-4 Guy 2: 1234? That's the stupidest combination I've ever heard of in my life! That's the kinda thing an idiot would have on his luggage! Guy 3: Amazing! That's the same combination I have on my luggage.

    -Me

  • Worf (unregistered)

    "1-2-3-4" as a code can mean two different numbers, actually.

    The first is the obvious, "1234".

    The second is "2444". (one '2', three '4's)...

  • JL (unregistered) in reply to esquilax
    esquilax:
    just for future reference:

    these Simplex locks ship with the combination 2+4 then 3. try that first. 90% of the time, nobody bothered to change the combination. if that's not it, you can download a chart with all of the available combinations on it. it only takes about 15 minutes to go through them all.

    a side effect of this: don't trust anything important to only a Simplex lock.

    CAPTCHA: alarm.

    Likewise for typical dial combination locks. They have 40 digits on them, but most will open if you get within about 3 digits of each correct number, so you only have to check every five digits, which is less than 512 combinations (they probably avoid using combinations where the last two discs line up by default). If the lock doesn't scramble the discs on a failed test (i.e. so that you can retry the last digit repeatedly), you can get through all the combinations in 15-20 minutes.

  • jwb (unregistered) in reply to joomama

    As far as I was aware bumping doesn't actually damage the lock...

  • Flipside (unregistered) in reply to Monkios
    Monkios:
    Back in school, we used to go practice in our all new music classes with doors to protect the instrument that were supposed to be theft-safe.

    The doors were.. but the thing around it was old and we could easily use that credit card (that we called the Student-Id card) trick.

    Heh - we did the exact same thing in our music room, except the door opened outward so we would loop a guitar string around the door catch, pull, and enter.

  • (cs)
    From article:
    After all, keys could be duplicated and locks could be picked, and their Server Room had to remain completely secure.
    Yeah and it's impossible to duplicate a key-code!
  • Peter (unregistered) in reply to madjo
    madjo:
    Not Zygo ;-):
    mike5:
    wilkeson:
    I was half expecting the code to be: 1 2 3 4

    Amazing! That's the same combination a have on my luggage.

    I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

    I don't need a lock on my Luggage. Luggage will eat those that try to touch my stuff. :)

    Strange, I was expecting the name here to be Rincewind or Two Flower. :-)

  • (cs) in reply to ChadN
    ChadN:
    Thanks for your polite reply
    Indeed, for me that was a polite reply. Of course, if I'd realised how upset being ribbed about your clearly-stated ignorance would make you, I would have been sure to be a little less polite.
    My confusion was the joke about 24 combinations being enough to foil the art students, which I took to mean the lock only allowed unique digits (which would be insane for a 4 button keypad).
    Yes, because starting a post with a discussion of a ten digit keypad so clearly demonstrates that you read the "4 button lock" bit.
    If in fact the art students didn't know the restriction specified by the professor, they are being foiled by potentially many more possible combinations.
    Yes, the thought of having to go through all 232 of them must have been truly intimidating.
    I'll try harder to comprehend next time
    An effort that would be helped no end were you to actually read the post to which you're replying. Which, I believe, is where I came in...
    your majesty
    The proper term is "highness" when addressing a pretty pretty princess.
  • (cs) in reply to IHaveNoName:-(
    IHaveNoName:-(:
    I was expecting the key to be 1 2 3 4

    That's amazing! I've got the same combination on my air shield!

  • Anonymous (unregistered) in reply to ChadN
    ChadN:
    gwenhwyfaer:
    ChadN:
    AngryRichard:
    Apparently, 24 possible combinations was enough to keep the art students out.
    For a keypad with 10 digits...
    ...which is why the post you're replying to specified a keypad with 4 digits. I'm guessing what really kept the art students out is that they didn't read the question either.

    Thanks for your polite reply, and now I understand the situation. My confusion was the joke about 24 combinations being enough to foil the art students, which I took to mean the lock only allowed unique digits (which would be insane for a 4 button keypad). If in fact the art students didn't know the restriction specified by the professor, they are being foiled by potentially many more possible combinations.

    I think the difficulty that the arts students have is not whether they know the restrictions. It's rather that they're often unable to order their attempts in a systematic way (describable by a simple algorithm that they can follow) so as to iterate through every possible code. In other words, they may try: 1234, 1324, 4123, 3124, 1324 (again), 2314, 3124 (again), 1243, 4123 (again), 2143, and then give up. ;)

  • Partybwal (unregistered)

    Just wondering... what would the art students want to to in the lab? Is there any record of an art student ever trying to get through that door..?

    And the person who sat and iterated throgh thousands of combinations for a videogame - man that's stupid. No offense but geez... and the Maniac Mansion guy was just lucky really. If it's a game, of course there is some way to find the code or other way of getting past the door.

    And the Userfriendly strip - fabulous! I love all the ones where they are actually taking calls.

  • Partybwal (unregistered)

    That was excellent, how a few people started replying to the troll who said he didn't get the joke, and then someone pointed out his excellent trollmanship, and it just smothered away and was completely ignored.

    Excellent trollmanship indeed, but also excellent job at killing it.

  • pseudonym_7d8924db2734a0851d24071c61682b32 (unregistered)

    Heh, I didn't read the part of AngryRichard's post specifying the four button constraint, either :/ So I wrote a program, because I'm not very far advanced in math yet, to tell me how many combinations there are, if it would have to be ten buttons. Damn. I want my time back. Anyway, the real reason I'm here is this:

    Alex Papadimoulis:
    In fact, only the IT Headmaster and his two most trusted minions knew the code, and since G.R.G. and only been an employee for four years, he was not a member of that small circle.
    That's a pretty angular small circle!
  • (cs) in reply to pseudonym_7d8924db2734a0851d24071c61682b32
    pseudonym_7d8924db2734a0851d24071c61682b32:
    Anyway, the real reason I'm here is this:
    Alex Papadimoulis:
    In fact, only the IT Headmaster and his two most trusted minions knew the code, and since G.R.G. and only been an employee for four years, he was not a member of that small circle.
    That's a pretty angular small circle!

    So, how many does it take to make a true circle? 10? 100? How many does it take?

  • Hazelnut (unregistered) in reply to gwenhwyfaer
    gwenhwyfaer:
    The proper term is "highness" when addressing a pretty pretty princess.

    Volourn, is that you?

  • joomama (unregistered) in reply to IT Guy....
    IT Guy....:
    joomama:
    AngryRichard:
    The math department in our university had a lab with a bunch of top-of-the line Macs for running Mathematica (this was the shiznit back then), guarded by a similar 4 button cipherlock.

    In the first week of class, we were told about the lab, but not given the combination. Rather, we were told that the combination was 4 unique digits...

    Aparently, 24 possible combinations was enough to keep the art students out.

    Of course to art students 4! is just a loud four. ?

    Um... guys... that's 4 numbers out of 10. Key pad has 0-9 on it. That'd be 10!/(10-4)! or 10!/6! which is 5040 combinations. Not 24.

    Math department indeed...

    10 digits on a four button cypher lock? Do you press combinations of them to form the binary representation of the digit?

    From the parent post I got: -4 button cypher lock -4 unique digits in the code(so one would assume each button is used once unless they have some esoteric numbering scheme, which from the parent's post doesn't seem to be the case) -4!/(4!-4!) = 4!/0! = 4!/1 = 4! = 432*1 = 24

    Maybe you haven't experience the 4 button lock before, generally used to protect staff rooms in hich end retail stores such as K-mart.

  • joomama (unregistered) in reply to automata
    automata:
    joomama:
    Of course to art students 4! is just a loud four.

    It was a four 'with enthusiasm' to our Computing and Managament students, in a second year security module. Dread to think what they're doing now.

    Managing of course. At least that's what those people do where I work.

  • (cs) in reply to gwenhwyfaer
    gwenhwyfaer:
    Indeed, for me that was a polite reply. Of course, if I'd realised how upset being ribbed about your clearly-stated ignorance would make you, I would have been sure to be a little less polite.
    Ah, at least you admit that your agenda in this discussion is to troll. As they say.. *plonk*
  • Hognoxious (unregistered) in reply to Anonymous Coward
    Anonymous Coward:
    1 2 3 4 is a common default which most people who don't bother to change it is because they DON'T realize the importance of changing it.
    I always set the root password on a production server to "Whoosh".

    P.S. Are you German, by any chance?

Leave a comment on “Securing The Server Room”

Log In or post as a guest

Replying to comment #:

« Return to Article