#1 |
Feb 2004
France
16578 Posts |
Hello,
My bank provides its customers with a Web interface so they can get information about their account from home. One must give a number and a secret key. The number is typed with the keyboard, though the mouse is used to securely give the key (6 digits between 0 and 9). In a 5x5 square, the 10 digits (0..9) are randomly placed: the customer must "click" each of the 6 digits that make up the key, from the left digit to the right digit.

That seems perfect ... but the digits are not really randomly placed on the 5x5 square (it seems they have made a mistake): the 10 digits are placed, from 0 to 9 (or from 1 to 9 and then 0), from left to right and from top to bottom of the square. (There are also some imperfect symmetries in the way the digits are placed in the square, but it seems difficult to see a rule.) See the examples below.

As an example, let's say the key is 451093 and that i-j represents the cell of line i (from top to bottom) and column j (from left to right), with i and j from 1 to 5. Thus, a customer would have to click the cells (2-1 3-2 1-2 1-1 5-4 1-5) to provide the secret key.

My opinion is that, with a spy gathering the "mouse clicks", it would be possible to find the key with a limited number (less than 100) of collected samples, because one can build relationships between the 6 digits: (2-1 3-2 1-2) for 451 means that the second digit is greater than the first digit and that the third digit is smaller than the first and second digits, and so on with the other digits, and so on with more examples of the customer giving the secret key with a different square.

But I have no idea which math theory would help. Do you have ideas, and can you propose algorithms or real code?

Regards,
Tony
#2 |
Feb 2004
France
23×41 Posts |
Another example.
Customer must type: (1-5 3-2 1-2 5-5 4-5 1-4).
Last fiddled with by T.Rex on 2007-02-07 at 14:39
#3 |
Feb 2004
France
23×41 Posts |
A third example.
Customer must type: (3-3 3-5 1-2 4-5 4-4 3-2).
Let me know if more examples are needed.
T.
Last fiddled with by T.Rex on 2007-02-07 at 14:41
#4 |
Aug 2002
3·43·67 Posts |
We still can't withdraw any money from your account even with those clues. Please provide more detailed examples.
#5 |
Feb 2004
France
23·41 Posts |
(451093) -> (3-4 4-1 1-3 1-2 5-4 2-4)
(abcdef)
Easy to see that the 4th digit d in (abcdef) is 0, 1 or 2, and that the 3rd digit c = d+1. So, it seems easier to find small digits (0, 1, 2, 3) than big ones (9, 8, 7, 6).
#6 |
Feb 2004
France
23×41 Posts |
(451093) -> (2-4 3-1 1-1 5-3 5-2 2-1)
(abcdef)      a   b   c   d   e   f
Easy to see that the 3rd digit c in (abcdef) is 0 or 1. Since the 4th digit d is now in the last row on the bottom and in the highest column on the right of this row, and since (previous example) d=c-1, then d=0 and c=1!
#7 |
Feb 2004
France
94310 Posts |
#8 |
Feb 2004
France
23×41 Posts |
(451093) -> (1-5 2-1 1-2 5-5 4-2 1-4)
(abcdef)      a   b   c   d   e   f
Since b appears just after a (in the order the crazy program of my bank puts digits), then b=a+1. Oh, thanks to example 5 in post #6, since e appears just before d=0, then e=9!
Last fiddled with by T.Rex on 2007-02-08 at 22:11
#9 |
Feb 2004
France
23×41 Posts |
(451093) -> (2-4 3-3 1-1 5-5 4-5 2-1)
(abcdef)      a   b   c   d   e   f
How to find more than 3 digits?
#10 |
Mar 2005
Internet; Ukraine, Kiev
11×37 Posts |
What do you mean by 'a spy gathering the "mouse clicks"'? If someone is able to run arbitrary code on your machine, they can take screenshots of (say) 20x20 pixel area under your mouse pointer at every click. From the screenshots it is very easy to read the code, even for an automated OCR, as the text is not obfuscated.
#11 | |
Feb 2004
France
23·41 Posts |
However, we have here a nice puzzle: based only on the clicks, is it possible (thanks to the badly random way of placing the digits in the square) to guess a secret key?

I think some secret keys may be easier to compute than others, since small digits and high digits (0, 1, 8, 9) may be easier to find than the other ones. But, with many examples, a smart program could deduce information about statistics ...

So, is someone interested in elaborating some strategy? I'll have more free time next week, and I'll try to write some program ...

Here is another example, No. 8:
(451093) --> (1-5 3-1 1-1 5-4 5-3 1-3)

Thanks,
Tony
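The narrowing asked about in this thread, as an added example that is not part of any post: it measures how much the ordered layout leaks by keeping, for each click sequence quoted above, only the keys some ordered layout could produce, then intersecting those sets. The layout model (digits fill ten of the 25 cells in reading order, as 0..9 or as 1..9 then 0) is an assumption taken from the first post's description, and the function names are this example's own.

```python
from itertools import combinations

# Click sequences quoted in this thread for the example key, in posting order.
OBSERVATIONS = [
    "2-1 3-2 1-2 1-1 5-4 1-5", "1-5 3-2 1-2 5-5 4-5 1-4",
    "3-3 3-5 1-2 4-5 4-4 3-2", "3-4 4-1 1-3 1-2 5-4 2-4",
    "2-4 3-1 1-1 5-3 5-2 2-1", "1-5 2-1 1-2 5-5 4-2 1-4",
    "2-4 3-3 1-1 5-5 4-5 2-1", "1-5 3-1 1-1 5-4 5-3 1-3",
]
# Assumed layout model, taken from the first post: the ten digits fill ten of
# the 25 cells in reading order, either as 0..9 or as 1..9 followed by 0.
ORDERS = ("0123456789", "1234567890")

def parse(clicks):
    """Turn 'row-col' tokens into reading-order cell indexes 0..24."""
    return [(int(r) - 1) * 5 + int(c) - 1
            for r, c in (tok.split("-") for tok in clicks.split())]

def keys_consistent_with(clicks):
    """All keys that some ordered layout could map to this click sequence."""
    cells = parse(clicks)
    used = sorted(set(cells))          # a repeated cell means a repeated digit
    keys = set()
    for ranks in combinations(range(10), len(used)):
        # The unclicked digits must fit before, between and after the clicks.
        if ranks[0] > used[0] or 9 - ranks[-1] > 24 - used[-1]:
            continue
        if any(r2 - r1 > c2 - c1 for r1, r2, c1, c2
               in zip(ranks, ranks[1:], used, used[1:])):
            continue
        rank_of = dict(zip(used, ranks))
        for order in ORDERS:
            keys.add("".join(order[rank_of[c]] for c in cells))
    return keys

def narrow(observations):
    """Intersect candidate sets; return survivors and the count per step."""
    remaining, sizes = None, []
    for clicks in observations:
        found = keys_consistent_with(clicks)
        remaining = found if remaining is None else remaining & found
        sizes.append(len(remaining))
    return remaining, sizes

if __name__ == "__main__":
    survivors, sizes = narrow(OBSERVATIONS)
    print(sizes, sorted(survivors))
```

Under this model the eight sequences leave 451093 as the only consistent key. A layout shuffled uniformly at random gives cell positions no relation to digit order, which removes the constraints this filter relies on.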