2007-02-07, 14:35  #1 
Feb 2004
France
1657_{8} Posts 
A security puzzle
Hello,
My Bank provides its customers with a Web interface so they can get information about their account from home. One must give a number and a secret key. The number is typed with the keyboard, though the mouse is used to securely give the key (6 digits between 0 and 9). In a 5x5 square, the 10 digits (0..9) are randomly placed: the customer must "click" each of the 6 digits that make the key, from left digit to right digit.
That seems perfect ... but the digits are not really randomly placed on the 5x5 square (seems they have made a mistake): the 10 digits are placed, from 0 to 9 (or from 1 to 9 and then 0) from the left to the right and from the top to the bottom of the square. (There are also some not-perfect symmetries in the way the digits are placed in the square, but that seems difficult to see a rule.) See the examples below.
As an example, let's say the key is: 451093 and that ij represents the case of line i (from top to bottom) and column j (from left to right), with i and j from 1 to 5. Thus, a customer would have to click the cases: (21 32 12 11 54 15) to provide the secret key.
My opinion is that, with a spy gathering the "mouse clicks", it would be possible to find the key with a limited (less than 100) number of collects. Because one can build relationships between the 6 digits: (21 32 12) for 451 means that the second digit is greater than the first digit and that the third digit is smaller than the first and second digits, and so on with the other digits, and so on with more examples of the customer giving the secret key with a different square.
But I have no idea about which Math theory would help. Do you have ideas and can you propose algorithms or real code?
Regards, Tony 
2007-02-07, 14:36  #2 
Feb 2004
France
23×41 Posts 
Another example
Another example.
Customer must type: (15 32 12 55 45 14).
Last fiddled with by T.Rex on 2007-02-07 at 14:39 
2007-02-07, 14:37  #3 
Feb 2004
France
23×41 Posts 
A third example
A third example.
Customer must type: (33 35 12 45 44 32). Let me know if more examples are needed. T.
Last fiddled with by T.Rex on 2007-02-07 at 14:41 
2007-02-08, 17:56  #4 
Aug 2002
3·43·67 Posts 
We still can't withdraw any money from your account even with those clues. Please provide more detailed examples.

2007-02-08, 18:29  #5 
Feb 2004
France
23·41 Posts 
Other examples
(451093) > (34 41 13 12 54 24)
(abcdef) Easy to see that the 4th digit d in (abcdef) is 0, 1 or 2. And that the 3rd digit c = d+1. So, it seems easier to find small digits (0, 1, 2, 3) than big ones (9, 8, 7, 6). 
2007-02-08, 18:36  #6 
Feb 2004
France
23×41 Posts 
Other examples
(451093) > (24 31 11 53 52 21)
(abcdef).........a....b....c....d....e....f
Easy to see that the 3rd digit c in (abcdef) is 0 or 1. Since the 4th digit d is now in the last row on the bottom and in the highest column on the right of this row, and since (previous example) d=c-1, then d=0 and c=1! 
2007-02-08, 18:38  #7 
Feb 2004
France
943_{10} Posts 

2007-02-08, 22:09  #8 
Feb 2004
France
23×41 Posts 
Example 6
(451093) > (15 21 12 55 42 14)
(abcdef).........a....b....c....d....e....f
Since b appears just after a (in the order the crazy program of my Bank puts digits) then: b=a+1. Oh, thanks to example 5 in post #6, since e appears just before d=0, then e=9!
Last fiddled with by T.Rex on 2007-02-08 at 22:11 
2007-02-08, 22:17  #9 
Feb 2004
France
23×41 Posts 
Example 7
(451093) > (24 33 11 55 45 21)
(abcdef).........a....b....c....d....e....f
How to find more than 3 digits? 
2007-02-08, 22:46  #10 
Mar 2005
Internet; Ukraine, Kiev
11×37 Posts 
What do you mean by 'a spy gathering the "mouse clicks"'? If someone is able to run arbitrary code on your machine, they can take screenshots of (say) 20x20 pixel area under your mouse pointer at every click. From the screenshots it is very easy to read the code, even for an automated OCR, as the text is not obfuscated.

2007-02-09, 15:31  #11  
Feb 2004
France
23·41 Posts 
Example 8
Quote:
However, we have here a nice puzzle: based only on the clicks, is it possible (thanks to the badly random way of placing the digits in the square) to guess a secret key? I think some secret keys may be easier to compute than others, since small digits and high digits (0, 1, 8, 9) may be easier to find than the other ones. But, with many examples, a smart program could deduce information about statistics ...
So, is someone interested in elaborating some strategy? I'll have more free time next week, and I'll try to write some program ...
Here is another example. N° 8.
(451093) > (15 31 11 54 53 13)
Thanks, Tony 
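The leak discussed in this thread can be measured directly. The following is an added example, not code from any poster: it counts how many 6-digit keys stay consistent with the click sequences posted above, which is why an order-preserving layout defeats the purpose of a scrambled keypad. It assumes the model described in post #1 (digits laid out in reading order as 0..9 or 1..9,0, with empty cells anywhere) and that only the clicked cells are seen; all function names are illustrative.

```python
from itertools import permutations

SIZE, CELLS, DIGITS = 5, 25, 10
# The eight click sequences posted in this thread (examples 1 to 8).
THREAD_CLICKS = [
    "21 32 12 11 54 15", "15 32 12 55 45 14", "33 35 12 45 44 32",
    "34 41 13 12 54 24", "24 31 11 53 52 21", "15 21 12 55 42 14",
    "24 33 11 55 45 21", "15 31 11 54 53 13",
]

def cell_index(ij):
    """'32' (line 3, column 2) -> reading-order index 0..24."""
    return (int(ij[0]) - 1) * SIZE + int(ij[1]) - 1

def feasible(key, cells, start):
    """True if digits start, start+1, ... (mod 10) can occupy increasing
    cells such that key[i] sits exactly on cells[i]."""
    placed = {}
    for digit, cell in zip(key, cells):
        rank = (digit - start) % DIGITS
        if placed.setdefault(rank, cell) != cell:
            return False  # one digit cannot be in two cells
    prev_rank, prev_cell = -1, -1  # virtual slot just before the grid
    for rank, cell in sorted(placed.items()):
        if cell - prev_cell < rank - prev_rank:
            return False  # no room (or wrong order) for the ranks in between
        prev_rank, prev_cell = rank, cell
    return CELLS - prev_cell >= DIGITS - prev_rank  # room for the tail

def narrow(observations):
    """Return (surviving keys, candidate count after each observation)."""
    first = [cell_index(c) for c in observations[0].split()]
    distinct = sorted(set(first))
    slot = [distinct.index(c) for c in first]
    # Equal clicks <=> equal digits, so pick one digit per distinct cell.
    keys = [tuple(p[i] for i in slot)
            for p in permutations(range(DIGITS), len(distinct))]
    counts = []
    for obs in observations:
        cells = [cell_index(c) for c in obs.split()]
        keys = [k for k in keys if any(feasible(k, cells, s) for s in (0, 1))]
        counts.append(len(keys))
    return ["".join(map(str, k)) for k in keys], counts

if __name__ == "__main__":
    keys, counts = narrow(THREAD_CLICKS)
    print("candidates left after each observation:", counts)
    print("keys consistent with all clicks:", keys)
```

Under this model the eight sequences from the thread leave a single consistent key; a layout drawn uniformly at random for each login would leak only which key digits repeat.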
