Knock detecting lock (video and instructions)
- Thread starter signal15
- Start date
I've used one of these [http://www.nokey.com/knocknoctoac.html] for years on my garage door as a backup for when my kids forget their ibutton keyfobs.
The only insecure part about is was when my son was younger he wanted to demo it to everyone and he'd count the code out loud!
Ken
The only insecure part about is was when my son was younger he wanted to demo it to everyone and he'd count the code out loud!
Ken
I always thought it would be cool if someone designed a challenge-response algorithm that you could do in your head. As a simple example:
Keypad lock presents you with a 4-digit number, say 1304. This is the challenge. The user then calculates the response in his head according to a predetermined algorithm, which can be different for each person who has access. This is not a very secure example, but for the sake of simplicity:
- Your algorithm is "x mod 250" and only you know this (the result is the remainder of X divided by 250)
- Challenge is 1304
- You calculate this in your head
- You type in 0054 as the response
This way, you NEVER type in your real code, and it changes every time. If someone saw you enter in the code, or used fingerprint powder to derive the possible codes, they would be useless to the attacker. Of course, the actual algorithm would likely be different, but you get the idea. And, it has the bonus of keeping out stupid people.
Keypad lock presents you with a 4-digit number, say 1304. This is the challenge. The user then calculates the response in his head according to a predetermined algorithm, which can be different for each person who has access. This is not a very secure example, but for the sake of simplicity:
- Your algorithm is "x mod 250" and only you know this (the result is the remainder of X divided by 250)
- Challenge is 1304
- You calculate this in your head
- You type in 0054 as the response
This way, you NEVER type in your real code, and it changes every time. If someone saw you enter in the code, or used fingerprint powder to derive the possible codes, they would be useless to the attacker. Of course, the actual algorithm would likely be different, but you get the idea. And, it has the bonus of keeping out stupid people.
- Your algorithm is "x mod 250" and only you know this (the result is the remainder of X divided by 250)
- Challenge is 1304
- You calculate this in your head
- You type in 0064 as the response
This way, you NEVER type in your real code, and it changes every time. If someone saw you enter in the code, or used fingerprint powder to derive the possible codes, they would be useless to the attacker. Of course, the actual algorithm would likely be different, but you get the idea. And, it has the bonus of keeping out stupid people.
you didn't calculate very well
mustangcoupe
Senior Member
that is geewiz cool
- Your algorithm is "x mod 250" and only you know this (the result is the remainder of X divided by 250)
- Challenge is 1304
- You calculate this in your head
- You type in 0064 as the response
This way, you NEVER type in your real code, and it changes every time. If someone saw you enter in the code, or used fingerprint powder to derive the possible codes, they would be useless to the attacker. Of course, the actual algorithm would likely be different, but you get the idea. And, it has the bonus of keeping out stupid people.
you didn't calculate very well
Hah! Fixed! Hmm, according to my comment, that would have kept me out and classified me as stupid people. :/
I figured out a couple of easier "algorithms" to use, which would work much better, plus a good method of identifying the user before they actually enter their response.
Similar threads
