From: CSBVAX::CSBVAX::MRGATE::"SMTP::PYRITE.RUTGERS.EDU::SECURITY" 8-MAR-1989 10:40 To: MRGATE::"ARISIA::EVERHART" Subj: Re: Simplex locks Sender: security@pyrite.rutgers.edu Date: 19 Feb 89 02:18:34 GMT From: nichols@cbnewsc.att.com (robert.k.nichols) Subject: Re: Simplex locks To: misc-security@att.att.com Some time ago I computed 1152 (as I recall) as the number of possible combinations -- not exactly what is implied by the "thousands of possible combinations" claimed by the Simplex folks (recently I saw some blurb that claimed "more than 2000" combinations). Incidentally, if (through psychoanalysis of the user) you suspect a "complex" combination involving 3 buttons simultaneously, your guessing job is greatly reduced. There are only 10 such 3-button sets, each with only 2 other buttons to consider. There IS a way to generate some additional combinations, although it violates the instructions of the manufacturer to "remove your fingers from the buttons before turning the knob," risking damage to the lock if you're not careful when opening it. At the end of the sequence, an otherwise unused button can be pressed lightly, just to the point of increased resistance, and HELD THERE as the knob is turned. Such a combination is distinct both from pressing the button all the way and from not pressing the button at all. The basic principles for setting/changing such combinations still apply: set the combination using the same actions you're going to use to open the lock; to change the combination, press the present combination and, while holding the final button(s) activate the "change" slide. It is possible to detect such combinations through manipulation and determine the buttons involved, but such combinations would confound the unaware. It never ceases to amaze me the way these very useful locks are mis-applied (largely due to mis-information supplied by the manufacturer). The locks are primarily suited (at least in my mind) to preventing casual entry to a restricted area, provided that the location of the lock is such that anyone attempting manipulation would be immediately observed and challenged. -*- -*- -*- Now that I have located the papers with my old calculations, I find that the actual number of combinations for a Simplex lock is 1082 (even worse than the 1152 I remembered). Just for kicks, I calculated the effect of the "trick" I mentioned (lightly pressing some of the unused buttons and holding them while turning the knob). There are a total of 2163 combinations if you allow this. Perhaps this is what the manufacturer had in mind when claiming "greater than 2000" combinations, but the operating instructions expressly forbid doing this. What puzzles me is why the lock wasn't made with 6 buttons instead of 5. The number of combinations then rises to over a million (without "tricks") and security against manipulation is also improved, at least for combinations that use all the buttons. [Moderator add-on: The above-mentioned "trick" is Simplex's "high-security- mode", which in theory they only point out to their high-muckymuck military customers. Years ago at a locksmith show I had one of the Simplex reps set "some random combo" on one of their demos to see if I could open it; he used one of these and I couldn't get it open at the time, although I rolled out of bed with the answer the next morning... _H*]