| ??? 07/15/12 05:10 Read: times Msg Score: +1 +1 Good Answer/Helpful |
#187942 - High/low security Responding to: ???'s previous message |
I'm pretty sure that there are no hash used for the majority of 4-digit locks. A large percentage of them are merely toys.
And I have seen too many implementations that does early-out algorithms for the matching, changing the response time depending on which was the first incorrect digit entered. Extra interesting when the code reads out every digit from an external, serially connected, EEPROM. Even "best" is that I have seen locks that uses DTMF tones as feedback for pressed buttons. So you can stand 5 meters away and listen to the tone pattern and then experiment on your own phone until you get the same "melody"... SHA may be seen as cryptographically strong, but that is irrelevant for the small number range covered by 4 digits. If the digits aren't pre/post-conditioned properly, I can loop through the 10 thousand combinations almost instantly. And anyone who can get the access to the EEPROM may also be able to get access to a memory dump of the program - there are huge amounts of devices out there released without any code-protection flags set. In the end - anyone making a really secure device isn't likely to ask for basic conceptual help on this forum. |
| Topic | Author | Date |
| Password in EEPROM | 01/01/70 00:00 | |
| Checksum | 01/01/70 00:00 | |
| 8-digit code | 01/01/70 00:00 | |
| Master Code | 01/01/70 00:00 | |
| So what does the requirements spec say? | 01/01/70 00:00 | |
| master codes .... | 01/01/70 00:00 | |
| This is a low-security lock - or no measly 4-digit PIN | 01/01/70 00:00 | |
| language | 01/01/70 00:00 | |
| just a thought | 01/01/70 00:00 | |
| Never give access when locked | 01/01/70 00:00 | |
| PIN + PUK | 01/01/70 00:00 | |
| The eeprom doesnt hold the password | 01/01/70 00:00 | |
High/low security | 01/01/70 00:00 |