Email: Password: Remember Me | Create Account (Free)

Back to Subject List

Old thread has been locked -- no new posts accepted in this thread
Per Westermark
07/14/12 23:10
Read: 589 times

Msg Score: +1
 +1 Good Answer/Helpful
#187942 - High/low security
Responding to: Jez Smith's previous message
I'm pretty sure that there are no hash used for the majority of 4-digit locks. A large percentage of them are merely toys.

And I have seen too many implementations that does early-out algorithms for the matching, changing the response time depending on which was the first incorrect digit entered. Extra interesting when the code reads out every digit from an external, serially connected, EEPROM.

Even "best" is that I have seen locks that uses DTMF tones as feedback for pressed buttons. So you can stand 5 meters away and listen to the tone pattern and then experiment on your own phone until you get the same "melody"...

SHA may be seen as cryptographically strong, but that is irrelevant for the small number range covered by 4 digits. If the digits aren't pre/post-conditioned properly, I can loop through the 10 thousand combinations almost instantly. And anyone who can get the access to the EEPROM may also be able to get access to a memory dump of the program - there are huge amounts of devices out there released without any code-protection flags set.

In the end - anyone making a really secure device isn't likely to ask for basic conceptual help on this forum.

List of 13 messages in thread
Password in EEPROM      Arif Deshmukh      07/13/12 17:29      
   Checksum      Per Westermark      07/13/12 21:29      
      8-digit code      Per Westermark      07/13/12 21:36      
         Master Code      Arif Deshmukh      07/13/12 22:35      
            So what does the requirements spec say?      Per Westermark      07/13/12 22:47      
            master codes ....      Erik Malund      07/14/12 01:12      
               This is a low-security lock - or no measly 4-digit PIN      Per Westermark      07/14/12 01:18      
                  language      Erik Malund      07/14/12 08:48      
                     just a thought      Erik Malund      07/14/12 09:09      
                        Never give access when locked      Per Westermark      07/14/12 10:14      
                     PIN + PUK      Per Westermark      07/14/12 10:11      
   The eeprom doesnt hold the password      Jez Smith      07/14/12 19:57      
      High/low security        Per Westermark      07/14/12 23:10      

Back to Subject List