mersenneforum.org A security puzzle

2007-02-07, 14:35   #1
T.Rex

Feb 2004
France

1645₈ Posts
A security puzzle

Hello,
My Bank provides its customers with a Web interface so they can get information about their account from home. One must give a number and a secret key. The number is typed with the keyboard, though the mouse is used to securely give the key (6 digits between 0 and 9). In a 5x5 square, the 10 digits (0..9) are randomly placed: the customer must "click" each of the 6 digits that make the key, from left digit to right digit.
That seems perfect ... but the digits are not really randomly placed on the 5x5 square (seems they have made a mistake): the 10 digits are placed, from 0 to 9 (or from 1 to 9 and then 0) from the left to the right and from the top to the bottom of the square. (There are also some not-perfect symmetries in the way the digits are placed in the square, but it seems difficult to see a rule.) See the examples below.
As an example, let's say the key is: 451093 and that i-j represents the cell of line i (from top to bottom) and column j (from left to right), with i and j from 1 to 5. Thus, a customer would have to click the cells: (2-1 3-2 1-2 1-1 5-4 1-5) to provide the secret key.
My opinion is that, with a spy gathering the "mouse clicks", it would be possible to find the key with a limited (less than 100) number of collects. Because one can build relationships between the 6 digits: (2-1 3-2 1-2) for 451 means that second digit is greater than first digit and that third digit is smaller than first and second digits, and so on with the other digits, and so on with more examples of the customer giving the secret key with a different square.
But I have no idea about which Math theory would help. Do you have ideas and can you propose algorithms or real code?
Regards,
Tony

2007-02-07, 14:36   #2
T.Rex

Feb 2004
France

3×311 Posts
Another example

Another example. Customer must type: (1-5 3-2 1-2 5-5 4-5 1-4).

Last fiddled with by T.Rex on 2007-02-07 at 14:39

2007-02-07, 14:37   #3
T.Rex

Feb 2004
France

3·311 Posts
A third example

A third example. Customer must type: (3-3 3-5 1-2 4-5 4-4 3-2).
Let me know if more examples are needed.
T.

Last fiddled with by T.Rex on 2007-02-07 at 14:41

2007-02-08, 17:56   #4
Xyzzy

Aug 2002

10000101101010₂ Posts

We still can't withdraw any money from your account even with those clues.
Please provide more detailed examples.

2007-02-08, 18:29   #5
T.Rex

Feb 2004
France

3×311 Posts
Other examples

(451093) -> (3-4 4-1 1-3 1-2 5-4 2-4)
(abcdef)
Easy to see that the 4th digit d in (abcdef) is 0, 1 or 2. And that the 3rd digit c = d+1.
So, it seems easier to find small digits (0, 1, 2, 3) than big ones (9, 8, 7, 6).

2007-02-08, 18:36   #6
T.Rex

Feb 2004
France

1645₈ Posts
Other examples

(451093) -> (2-4 3-1 1-1 5-3 5-2 2-1)
(abcdef).........a....b....c....d....e....f
Easy to see that the 3rd digit c in (abcdef) is 0 or 1.
Since the 4th digit d is now in the last row on the bottom and in the highest column on the right of this row, and since (previous example) d=c-1, then d=0 and c=1!

2007-02-08, 18:38   #7
T.Rex

Feb 2004
France

3×311 Posts

Quote:
 Originally Posted by Xyzzy We still can't withdraw any money from your account even with those clues.
I will not tell you the name of my Bank !
Quote:
 Please provide more detailed examples.
Do you need more ?

2007-02-08, 22:09   #8
T.Rex

Feb 2004
France

1110100101₂ Posts
Example 6

(451093) -> (1-5 2-1 1-2 5-5 4-2 1-4)
(abcdef).........a....b....c....d....e....f
Since b appears just after a (in the order the crazy program of my Bank puts digits) then: b=a+1.
Oh, thanks to example 5 in post #6, since e appears just before d=0, then e=9!

Last fiddled with by T.Rex on 2007-02-08 at 22:11

2007-02-08, 22:17   #9
T.Rex

Feb 2004
France

3·311 Posts
Example 7

(451093) -> (2-4 3-3 1-1 5-5 4-5 2-1)
(abcdef).........a....b....c....d....e....f
How to find more than 3 digits?

2007-02-08, 22:46   #10
gribozavr

Mar 2005
Internet; Ukraine, Kiev

11·37 Posts

What do you mean by 'a spy gathering the "mouse clicks"'? If someone is able to run arbitrary code on your machine, they can take screenshots of (say) 20x20 pixel area under your mouse pointer at every click. From the screenshots it is very easy to read the code, even for an automated OCR, as the text is not obfuscated.

2007-02-09, 15:31   #11
T.Rex

Feb 2004
France

3·311 Posts
Example 8

Quote:
 Originally Posted by gribozavr What do you mean by 'a spy gathering the "mouse clicks"'? If someone is able to run arbitrary code on your machine, they can take screenshots of (say) 20x20 pixel area under your mouse pointer at every click. From the screenshots it is very easy to read the code, even for an automated OCR, as the text is not obfuscated.
I suppose what you say is possible. I'm not an expert and I thought it may be complex to have screenshots of the PC display at every click; also I thought that the size (several MBs) would be a problem for a spy. But, if taking a screenshot of a reduced part of the display around the clicks is possible ... that means that no Bank access is secure on a PC! I have tools for searching and destroying spies, but you never know if one of a new kind is not already at work ... My Bank should propose a means based on my fingerprints!
However, we have here a nice puzzle: based only on the clicks, is it possible (thanks to the badly random way of placing the digits in the square) to guess a secret key? I think some secret keys may be easier to compute than others, since small digits and high digits (0, 1, 8, 9) may be easier to find than the other ones. But, with many examples, a smart program could deduce information about statistics ...
So, is someone interested in elaborating some strategy?
I'll have more free time next week, and I'll try to write some program ...
Here is another example. N° 8. (451093) --> (1-5 3-1 1-1 5-4 5-3 1-3)
Thanks,
Tony
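
Added example, not part of the original thread: a Python sketch that measures how much the in-order layout described in post #1 leaks, by counting the keys that stay consistent with the click sequences posted in the thread. The layout model (all ten digits in reading order, starting from 0 or from 1), the function names and the gap constraints are assumptions made for this illustration; the bank's actual placement code is not known.

```python
from itertools import combinations

SIZE = 5                                # 5x5 keypad, as in the thread
ORDERS = ("0123456789", "1234567890")   # the two placement orders post #1 describes

# Click sequences copied from the thread's eight examples, as (row, column) pairs.
SESSIONS = [
    [(2, 1), (3, 2), (1, 2), (1, 1), (5, 4), (1, 5)],
    [(1, 5), (3, 2), (1, 2), (5, 5), (4, 5), (1, 4)],
    [(3, 3), (3, 5), (1, 2), (4, 5), (4, 4), (3, 2)],
    [(3, 4), (4, 1), (1, 3), (1, 2), (5, 4), (2, 4)],
    [(2, 4), (3, 1), (1, 1), (5, 3), (5, 2), (2, 1)],
    [(1, 5), (2, 1), (1, 2), (5, 5), (4, 2), (1, 4)],
    [(2, 4), (3, 3), (1, 1), (5, 5), (4, 5), (2, 1)],
    [(1, 5), (3, 1), (1, 1), (5, 4), (5, 3), (1, 3)],
]

def keys_allowed(clicks):
    """Every key one session's clicks permit under the assumed model:
    all ten digits sit in reading order, following one of ORDERS."""
    idx = [(r - 1) * SIZE + (c - 1) for r, c in clicks]  # reading-order cell index
    cells, last = sorted(set(idx)), SIZE * SIZE - 1
    allowed = set()
    for order in ORDERS:
        for ranks in combinations(range(10), len(cells)):
            # A digit of rank k needs k cells before it and 9-k cells after it ...
            fits = all(k <= c and 9 - k <= last - c for k, c in zip(ranks, cells))
            # ... and digits skipped between two clicks need cells between them.
            fits = fits and all(ranks[i + 1] - ranks[i] <= cells[i + 1] - cells[i]
                                for i in range(len(cells) - 1))
            if fits:
                digit = {c: order[k] for c, k in zip(cells, ranks)}
                allowed.add("".join(digit[i] for i in idx))
    return allowed

def surviving_keys(sessions):
    """Candidate-set size after each session, and the final candidate set."""
    remaining, sizes = None, []
    for clicks in sessions:
        allowed = keys_allowed(clicks)
        remaining = allowed if remaining is None else remaining & allowed
        sizes.append(len(remaining))
    return sizes, remaining

if __name__ == "__main__":
    sizes, remaining = surviving_keys(SESSIONS)
    print(sizes, sorted(remaining))
```

Under this model the eight posted sequences leave 451093 as the only consistent key. With an independent uniform shuffle of the digits for every session, click positions alone would reveal only which key positions repeat a digit.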

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.
