Combination locks that use letters/characters/non-numeral-glyphs have been around for an astoundingly long time, what's interesting about the word lock, though, is that they start with words, then make the dials.
The patent goes into detail - and is actually super easy/enjoyable to read - but the goal was to have a letter lock that maximized the number of real words that could be spelled from the available letters provided on the dial rings. So, a wordlist is generated under some parameters (such as word length) and then the rings are generated from that word list.
It's basically exactly what the author is doing, but in reverse.
The goal of the word lock was to increase the available keyspace of real words in a letter lock, thus increasing the security of those users who will buy a letter lock regardless. They do a number of other things right mechanically as well. Whether or not a bike lock is the best medium, I wouldn't say, but wordlock silently improved the security of a specific user base that greatly prefer convenience to security. That's awesome.
Very nice find on the patent, emhart. Thanks! It looks like the patent is the same as my `greedy_lock`, except that at each tumbler "the entire word list is scanned"; this is worse than scanning just the words that make it through the previous tumblers. Also, I was a noob at lock terminology; I should replace "dial" with "tumbler".
> The lock makes 1118 words (according to my word list). You might say that this lock is only 11.18% as secure as a 4-digit lock with 10,000 combinations.
What? It's exactly as secure; there are four dials with ten symbols. Wait, of course, Norving means dictionary words. Well, don't constrain yourself to dictionary words! You wouldn't use a dictionary word for your gmail account, right? Configure the lock for some arbitrary four-letter combination.
(There is still value in that over a lock with digits embossed on its dials, because some people can memorize a four letter combination which isn't a word more easily than four random digits.)
Here is another thing: you can configure a WordLock such that your chosen key word is something meaningful, but must be assembled in a row other than the "home row" to open the lock. That improves the security somewhat in the situation when you stick to code which is a word (as defined by Norvig). You have one more secret: the offset of your word.
If your offset keyword is such that gibberish occurs in the home row, then a naive search of meaningful words on the home row will not open the lock, so there is a "security through obscurity" element at play here too against (non-wirecutting) brute force attackers who don't know about this trick.
You might as well then memorize that home row gibberish, and use the original offset word as only a mnemonic to recover the gibberish if you forget: you can assemble the original word, and then rotate the dials in parallel until the lock opens.
The article claims you can't set the combination word, so probably assumes it is always a valid dictionary word preset by the manufacturer. That said, the WordLock web site says you can change the combination, and obviously you can on similar locks that have numbers instead of letters, so really the author probably just didn't know how.
Just to be silly.. These locks are not secure and you do not need to know the word. I have known how to do this on these types of locks since I was 12 which is no 26 years ago. https://www.youtube.com/watch?v=BcGJpVEq56Y
Another interesting kind of lock I've seen are some masterlocks that give you a "joystick" of sorts and you make passwords by moving them in the for cardinal directs, for example your password might be up up down down left right left right. What's interesting is that A) you can set your own password and B) they claim no upper bound on the length of your password!
My first thought was "impossible!" and I tried to disprove it. I set it to a long password and tried to unlock it by, say, doing all but the last stroke assuming it was just dropping the strokes after a point. No luck. Same for dropping the first stroke. Etc. But sure this mechanical system has a small finite number of possible sufficiently distinct states and so would only be able to use small password lengths?
Of course! But it's apparently being much smarter about it than I had anticipated: sure, my long password can (presumably) be opened by a shorter password. But that shorter password is apparently unrelated to the long one. They must be taking a mechanical hash of the password!
Have you tried transposition of motions in a short combination? In particular, have you tried swapping the first direction with every direction in the short combination? Have you tried a combination consisting entirely of the same direction, and shortening or lengthening that?
Because one possible (bad) implementation would be an MxN grid with a specific point as the unlock coordinate. A slightly less bad implementation that doesn't permit trivial transpositions would be such a grid plus a long internal pad that modifies the direction (realdir[i] = userdir[i] + lockspecificdata[i%LEN]%4).
Just like every other barrel combination lock, these are trivial to compromise. For me, trivial equals not needing any tools and opening it quickly enough to not draw any attention in a public space. Recently someone locked their bike to my fence with one so I figured it was fair game since it was on my property & fastened to my fence. The combination was "FUSE." The first thing that popped into my head was "short fuse" so I put the lock back on and spun the tumblers.
With the last part about "FRED BUNS", doesn't feel a bit like he's committing a variant of the Texas Sharpshooter fallacy[1]? (That's the old saw about the Texan who takes a bunch of shots at a barn, then walks up and paints a target to encircle them.)
While the chances of "FRED BUNS" may be slim, the chances of /some/ pair of words being present in adjacent lines is much better. How much better? Uh, I'll let you know once I'm not on my phone and not lazy...
That sounds more like birthday paradox: like the surprise that two people in a crowded room have the same birthday.
Of course, that paradox is related to the Texas sharpshooter. Why? Because you find the pair with the same birthday (say Bob and Alice) and then form a hypothesis that it must be hard to find someone with the same birthday as Bob, so, gee, that is surprising.
> "Update 15 Jun 2015: Someone was wrong on the internet and this time it was me! Astute readers will notice that a tiny off-by-one bug in my implementation (see the fifth revision) led it to generate a lock with three tumblers with eleven letters each, and one tumbler with ten letters.
The new best lock from this implementation only generates 1,161 words, leaving Norvig’s solution the best still:
[+] [-] emhart|10 years ago|reply
https://www.google.com/patents/US6621405
The patent goes into detail - and is actually super easy/enjoyable to read - but the goal was to have a letter lock that maximized the number of real words that could be spelled from the available letters provided on the dial rings. So, a wordlist is generated under some parameters (such as word length) and then the rings are generated from that word list.
It's basically exactly what the author is doing, but in reverse.
The goal of the word lock was to increase the available keyspace of real words in a letter lock, thus increasing the security of those users who will buy a letter lock regardless. They do a number of other things right mechanically as well. Whether or not a bike lock is the best medium, I wouldn't say, but wordlock silently improved the security of a specific user base that greatly prefer convenience to security. That's awesome.
[+] [-] norvig|10 years ago|reply
[+] [-] hackmiester|10 years ago|reply
[+] [-] kazinator|10 years ago|reply
What? It's exactly as secure; there are four dials with ten symbols. Wait, of course, Norving means dictionary words. Well, don't constrain yourself to dictionary words! You wouldn't use a dictionary word for your gmail account, right? Configure the lock for some arbitrary four-letter combination.
(There is still value in that over a lock with digits embossed on its dials, because some people can memorize a four letter combination which isn't a word more easily than four random digits.)
Here is another thing: you can configure a WordLock such that your chosen key word is something meaningful, but must be assembled in a row other than the "home row" to open the lock. That improves the security somewhat in the situation when you stick to code which is a word (as defined by Norvig). You have one more secret: the offset of your word.
If your offset keyword is such that gibberish occurs in the home row, then a naive search of meaningful words on the home row will not open the lock, so there is a "security through obscurity" element at play here too against (non-wirecutting) brute force attackers who don't know about this trick.
You might as well then memorize that home row gibberish, and use the original offset word as only a mnemonic to recover the gibberish if you forget: you can assemble the original word, and then rotate the dials in parallel until the lock opens.
[+] [-] lnanek2|10 years ago|reply
[+] [-] jthomas5545|10 years ago|reply
[+] [-] tgb|10 years ago|reply
My first thought was "impossible!" and I tried to disprove it. I set it to a long password and tried to unlock it by, say, doing all but the last stroke assuming it was just dropping the strokes after a point. No luck. Same for dropping the first stroke. Etc. But sure this mechanical system has a small finite number of possible sufficiently distinct states and so would only be able to use small password lengths?
Of course! But it's apparently being much smarter about it than I had anticipated: sure, my long password can (presumably) be opened by a shorter password. But that shorter password is apparently unrelated to the long one. They must be taking a mechanical hash of the password!
Here's the lock: http://www.masterlock.com/personal-use/product/1500iD But I wouldn't recommend buying one. They were too bulky and got stuck in the locker at my gym and had to be cut off.
[+] [-] JoshTriplett|10 years ago|reply
Because one possible (bad) implementation would be an MxN grid with a specific point as the unlock coordinate. A slightly less bad implementation that doesn't permit trivial transpositions would be such a grid plus a long internal pad that modifies the direction (realdir[i] = userdir[i] + lockspecificdata[i%LEN]%4).
[+] [-] patcheudor|10 years ago|reply
[+] [-] megablast|10 years ago|reply
[+] [-] aaronharnly|10 years ago|reply
With the last part about "FRED BUNS", doesn't feel a bit like he's committing a variant of the Texas Sharpshooter fallacy[1]? (That's the old saw about the Texan who takes a bunch of shots at a barn, then walks up and paints a target to encircle them.)
While the chances of "FRED BUNS" may be slim, the chances of /some/ pair of words being present in adjacent lines is much better. How much better? Uh, I'll let you know once I'm not on my phone and not lazy...
[1] https://en.wikipedia.org/wiki/Texas_sharpshooter_fallacy
[+] [-] zellyn|10 years ago|reply
[+] [-] kazinator|10 years ago|reply
Of course, that paradox is related to the Texas sharpshooter. Why? Because you find the pair with the same birthday (say Bob and Alice) and then form a hypothesis that it must be hard to find someone with the same birthday as Bob, so, gee, that is surprising.
[+] [-] Someone|10 years ago|reply
And yet, I spot such a word in many of the high-scoring combinations (hint: it appears near the word 'CUTE')
It would not surprise me if the makers of these locks had a list of forbidden words.
[+] [-] shabble|10 years ago|reply
Personally, I feel the opposite should be enforced. If you make the password vile enough, people should be less willing to tell it to other people :)
[1] https://en.wikipedia.org/wiki/Scunthorpe_problem
[+] [-] glyphobet|10 years ago|reply
[+] [-] glaberficken|10 years ago|reply
> "Update 15 Jun 2015: Someone was wrong on the internet and this time it was me! Astute readers will notice that a tiny off-by-one bug in my implementation (see the fifth revision) led it to generate a lock with three tumblers with eleven letters each, and one tumbler with ten letters.
The new best lock from this implementation only generates 1,161 words, leaving Norvig’s solution the best still:
Lock: ABCDLMPRST AEHILNORUY AEILMNORST ADEKLNOSTY"