Solved

Passcode Riddle - 500 points!

Posted on 2004-04-02
50
730 Views
Last Modified: 2007-12-19
I am currently working on a project that involves some security hardware.  Specifically an electronic door lock.  The lock requires the employee to enter a passcode.

This passcode is changed every minute, 24 hours a day, 7 days a week, etc. etc .... The employee carries a little device that calculates this passcode that's based strictly on the current time and date.

Now there are obviously better ways of doing this but there are hardware restrictions.  To make things even less secure the engineers made it 4 parts that are merely appended together to form the 12-digit passcode. The passcode will always be 12 digits and any part of that code that makes it less will have leading zeros added to it.

Its was up to me to create an logical alogirthm that would secure this vulnerable system.  So although any passcode based on a date and time is not secure I think I did a pretty decent job of hiding it.

So my question is... can someone determine the method I used to encode the date and time given some examples? I figure if you guys cant figure it out then its good enough for the application it will be applied to.  Good luck :)

on May 5, 2004 at 8:35 AM the passcode was 201200400175

on October 29, 2003 at 12:57 AM the passcode was 200323671653
0
Comment
Question by:aaronCS
50 Comments
 
LVL 4

Expert Comment

by:oumer
ID: 10743109
just two examples? A cracker will just log in thousands to find out pattern. Be more generous and give us at least a couple more .. In the mean time I will if I could do anything about the two you have given .....
0
 

Author Comment

by:aaronCS
ID: 10743150
Sorry those two codes I have given is all that the puzzle states.  No more can be provided.
This is possible with the hints provided.
Rememer, it is divided into 4 sections
0
 
LVL 35

Expert Comment

by:mvidas
ID: 10743286
hi aaron,

I like this.


To try and get it, I'm trying to determine the passcode at
December 31, 2002 at 5:43 am

so far I have the last three (967)

Am I right? or can't you tell?
0
 

Author Comment

by:aaronCS
ID: 10743348
I shouldnt tell but that is not correct, the last two are correct.  Please include your logic with your next question
0
 
LVL 35

Expert Comment

by:mvidas
ID: 10743456
sorry

I do agree that 2 examples make it REALLY difficult (can you add one more? like for January 16, 1996?), but if you say its possible I'm going to keep on trying

I actually thought the last 4 were 0867 or 1867 and the first 2 were 20, but decided to only say the 867 (which of course I mistyped as 967).  Here was my logic (as bad as it may be)

First 2 digits=first 2 digits of year
Last 2 digits = 100 - minutes + 10
I thought the 8 in my answer was month-4, and the 1 in my answer was if month was 10, 11, or 12

Crude logic, but I tried.

I'll try again later
Matt
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10744398
The fact of the matter is, it could be nearly anything used as a key here...
Two results are, as stated before, simply not enough to give this a fair shot.

I'd suggest either supply some additional examples, or provide any specific methods you've used to obtain this code (i.e. converting to julian dates, etc).
0
 
LVL 24

Expert Comment

by:SunBow
ID: 10744399
0
 

Author Comment

by:aaronCS
ID: 10744587
This puzzle is definitely possible with only 2 examples, it is tough but it is possible.
If no one can eventually get it I will post another example until someone takes the prize.
0
 
LVL 22

Expert Comment

by:_TAD_
ID: 10744925


now, now aaron... let's not get hasty

the question hasn't even been up for 1 full day yet.  I think two examples should be more than plenty.

1 example should be sufficient to at least develop a formula.  I've only seen one real attempt so far.
0
 
LVL 22

Expert Comment

by:_TAD_
ID: 10745189


okay here's some logic I've worked out so far (to give someone else ideas)


Last 2 digits - 60 - minutes + 50    
 -- which mathematically works out to the same number given by mvidas

Also... the first three numbers:
2004 = 201
2003 = 200
2002 = 199
2001 = 198
etc, etc.
0
 

Author Comment

by:aaronCS
ID: 10745304
Thanks for that TAD.  U understand that 2 codes gives enough information to solve the algo.  Keep at this one :)

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10745312
Yea, but TAD's a genius. :P
0
 
LVL 4

Expert Comment

by:mikkelp
ID: 10745447
Aaron,

not to spoil your fun, but there are more than one algorithm... If your 12-digit code consist of 3 4-digit blocks
and every block can be combined using every element of the current date-time, you have at least a dozen different options to go by ... and since there are no rules specified on expressions, everything _is_ possible. It's a simple exercise in set-theory and mappings. Otherwise, by your claim, the solution below is correct ;-)

anyhu, here's an attempt... I'm not satisfied with the solution to the middle 4, however... maybe it'll come to me in my sleep. At least the first and last 4 may serve as an inspiration to others out there...

may 5, 2004, 8:35 -> 2004 + 8 (hour), ? , 5 (day) * 35 (minute) = 2012 0040 0175
oct 29, 2003, 0:57 -> 2003 + 0, A, ? , 29 * 57 = 2003  2367 1653

? ... maybe 35+5 = 40, 57+10 = 67 ... first two are (year-2004) % 24.

(year-2004)%24 * 100 + month + minute.


mikkelp
0
 

Author Comment

by:aaronCS
ID: 10745885
By using your favorite spreadsheet program, pen+paper, or computer, try to find how to split passcodes into 4 parts and how these 4 numbers have been calculated using date/time data.

Use simple math or bits operators... Don't try too complicated calculations. There is neither complex bit hashing (based on previous passcode) like real single-use token generator, nor checksum digits.

To those not familiar with english time notation, don't forget that "12:57 AM" means "0h57" (not "12h57"), and "10:37 PM" means "22h37" in 24-hours notation.
0
 
LVL 35

Expert Comment

by:mvidas
ID: 10746199
i took your advice on using excel, so it looks a bit funny to get the specific numbers from the dates.  With the date being in A1

=YEAR(A1)+HOUR(A1)&LEFT(TEXT(A1,"dd"),1)&LEFT(TEXT(A1,"dd"),1)+LEFT(TEXT(A1,"mm"),1)&MINUTE(A1)+MONTH(A1)&(LEFT(TEXT(A1,"hh AM/PM"),1))&(RIGHT(((RIGHT(LEFT(TEXT(A1,"hh AM/PM"),2),1))+3),1)+LEFT(TEXT(A1,"hh AM/PM"),1))&(10-(LEFT(TEXT(A1,"mm:ss"),1)))&(10-(RIGHT(MINUTE(A1),1)))
0
 

Author Comment

by:aaronCS
ID: 10753739
Sorry mvidas that is not the correct answer please have another go
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10754421
Why doesn't TAD go ahead and solve it?...
0
 
LVL 4

Expert Comment

by:Dangeriz
ID: 10756411
aaronCS,

Before I started, I've calculated how many possible ways of splitting the 12 digit code into four parts/groups...
And assuming each part/group has at LEAST 2 numbers you will get a result of 35 different combinations of how to split those 12 digits up. For example: 20-1200-400-175 is one combination and 201-200-40-0175 is another combination...

The combinations jump from 35 to 165 if you allow a grouping to have only 1 number.
For example: 2-012-0040-0175 or 201-2004-0017-5. So not knowing the groupings already poses a great challenge and endless possibilities. To make it easier for me, I've assumed that each grouping is at least 2 numbers, even though you didn't specify.

And for EACH combination you have to find/crack a grouping with the date info that has been algorithmically encrypted in any creative abstract way. For one combination you can search endlessly, playing and manipulating numbers to match a grouping, now you have to do that with 35 combinations...

Yes, it is possible to crack the code. And you will get a lot of calculations that work for the 2 examples, but might not work for other patterns of code. You can even crack it with 1 example, but the more examples you give, the more patterns people can recognize to point them in the right direction. So all it takes is a lot of time to really crack this code to explore the extent of the algorithm.

Your method of encryption could be very simple, or could be very complex. I'm not going to try and find out because I could be at this forever. This rabbit hole goes very very far... and I'm not prepared to search the whole rabbit hole, just for the rabbit :Þ

And I guess this is what you are trying to find out anyway :)
You want to know if where you put the rabbit is safe... The truth... I don't know.

Ok I give up! Where is the rabbit?????   :Þ
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10760951
>>You want to know if where you put the rabbit is safe... <<
Not safe from TAD apparently...
0
 
LVL 5

Expert Comment

by:Synthetics
ID: 10777017
I'd assumed it was four blocks of three digits, since you said any part of the code that made it less than 12 digits would be trailed by 0's, and the first example you gave accounts for this nicely

201 200 400 175

Are you allowed to clarify for us?
0
 

Author Comment

by:aaronCS
ID: 10777059
sorry I cannot give too much away.  It is safe to assume that no block will be 1 digit or more then 4 digits.
0
 
LVL 5

Expert Comment

by:Synthetics
ID: 10777112
Can a block begin with a zero?
I'm not progressing too well:
Working on July 27th 2000 3:42 PM I have 197???????68

Was that 2003 = 200 etc correct btw?
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 10779360
digits 1-4 = year + hour
digits 5-6 = day + year - 2009
digits 7-8 = minutes + month
digits 9-10 = day + hour + year - 2016
digits 11-12 = 110 - minutes

> on May 5, 2004 at 8:35 AM the passcode was 201200400175

2004 05 05 08 35 => 2012 00 40 01 75

> on October 29, 2003 at 12:57 AM the passcode was 200323671653

2003 10 29 00 57 => 2003 23 67 16 53

0
 

Author Comment

by:aaronCS
ID: 10783045
Synthetics, yes a block can most certainly begin with a zero.  Each block is a preset size.  If a number is not large enough to fit the block, leading zeros are added.
0
 
LVL 7

Expert Comment

by:Lori99
ID: 10784880
digits 1-4 = year + hour (from PennGwyn and mikkelp)
digits 5-6 = day + year - 2009 (from PennGwyn)
digits 7-8 = minutes + month (from PennGwyn and mikkelp)
digits 9-12 = Day * minutes (from mikkelp)

Works for the two codes you gave.  Don't know if it would work for other examples.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:aaronCS
ID: 10784957
Sorry guys that is not the right algo.  You are close though.

The person that can successfully tell me what the passcode is on October 13, 2004 at 10:37 PM will win the 2000 point regardless of your reasoning.
0
 
LVL 35

Expert Comment

by:mvidas
ID: 10785268
202608471473
0
 

Author Comment

by:aaronCS
ID: 10785331
Im sorry mvidas that is not the correct answer, have another go though.
0
 
LVL 35

Expert Comment

by:mvidas
ID: 10785504
The only other answer I could come up with is 202612470481, if not I'm stuck for now
0
 
LVL 11

Expert Comment

by:phileoca
ID: 10787453
020140847481
0
 
LVL 11

Expert Comment

by:phileoca
ID: 10787868
here's your answer for October 13, 2004 at 10:37 PM

202608320481

<>< KT
0
 
LVL 7

Expert Comment

by:ChrisFretwell
ID: 10788398
202608472373

There is a formula hidden in there somewhere. Good or bad, I found this topic by accident (had previously only been in database topics) and will likely be back, even if I'm wrong.
0
 
LVL 9

Expert Comment

by:j3one
ID: 10797106
-> 212004191474 <-
0
 

Author Comment

by:aaronCS
ID: 10803211
Sorry guys but no one has got the right answer so far.
Keep trying though!  2000 points for the right answer.
0
 
LVL 2

Expert Comment

by:RAXMAN
ID: 10804144
on May 5, 2004 at 8:35 AM the passcode was 201200400175
on October 29, 2003 at 12:57 AM the passcode was 200323671653


201-2004-001-75
200-3236-716-53


(I agree with Tad.)

First Section
------------
201 = 2004
200 = 2003
199 = 2002
198 = 2001
197 = 2000
___________


Second Section
--------------
2004/5(Month Number) = 400.8(Put number in reverse into the code because the number is prime and odd)
3236/10(Month Number) = 323.6(Put into code without decimal and not in reverse because it is a even numbered month)
___________________________________________________________________________________________________________________



Third Section
-------------
This confuses me bcause the numbers look backwards and in the wrong place, but
8.35(Time) + 8.35 = 16.7(Put into code, but move seven to start without decimal)
This is where I get confused...
12.57 + 12.57 = 25.14 - 24 =  1.14(Put into code, but move one to start without decimal and drop rest)
___________________________________________________________________________________________________________________


(Disagree here.)

Last Section
------------
75 = 57
53 = 35
 

I do not believe this is close at all, but it was worth a shot. Maybe this will help someone solve it.
0
 
LVL 2

Expert Comment

by:RAXMAN
ID: 10804176
Comment from Lori99
Date: 04/08/2004 09:26AM PDT
 Comment  


digits 1-4 = year + hour (from PennGwyn and mikkelp)
digits 5-6 = day + year - 2009 (from PennGwyn)
digits 7-8 = minutes + month (from PennGwyn and mikkelp)
digits 9-12 = Day * minutes (from mikkelp)

Works for the two codes you gave.  Don't know if it would work for other examples.



Comment from aaronCS
Date: 04/08/2004 09:35AM PDT
 Author Comment  


Sorry guys that is not the right algo.  You are close though.

The person that can successfully tell me what the passcode is on October 13, 2004 at 10:37 PM will win the 2000 point regardless of your reasoning.
 

Ops. Missed that.
2013-08-47-0481

or

2001-08-47-0481

Sorry about that.



0
 

Author Comment

by:aaronCS
ID: 10813067
Hey Raxman,
Good try! But unfortunately it is not the correct answer.
There is an immediate problem that jumps out at me.
You said that the last 2 digits is basically a transposition of the minutes.  But if you look at the codes again it just doesnt work.

Last Section
------------
75 = 57
53 = 35

on May 5, 2004 at 8:35 AM the passcode was 201200400175
on October 29, 2003 at 12:57 AM the passcode was 200323671653


That would be throwing off your logic.  Have another go thought, it was an excellent effort.
0
 
LVL 4

Expert Comment

by:mikkelp
ID: 10813116
13 oct. 2004, 22:37 = 202600470481 ?!?

Aaron, would you be willing to reveal what types of calculations are permitted by your hardware token?

ie. integer division, remainder division, multiplication, addition, conditionals based on values

mikkelp

0
 

Author Comment

by:aaronCS
ID: 10813167
hi mikkelp,
I think this was a fair hint, I cant make it too easy for you guys ;)

Use simple math or bits operators... Don't try too complicated calculations. There is neither complex bit hashing (based on previous passcode) like real single-use token generator, nor checksum digits.

To those not familiar with english time notation, don't forget that "12:57 AM" means "0h57" (not "12h57"), and "10:37 PM" means "22h37" in 24-hours notation.
0
 

Expert Comment

by:azumandias
ID: 10816400
202623470481 ?
0
 
LVL 1

Expert Comment

by:ice911
ID: 10816728
2024??470481

that is close isn't it?

--ice911
(trying)
0
 
LVL 1

Expert Comment

by:ice911
ID: 10817037
i noticed this:

changes ...
every minute,
every hour,
every day,
every week,
every month,
every year

you have given us every clue but one, weeks.
you given us a range of information between minutes and years, but weeks is the only piece of info that was not given to us.
there are 52 weeks in a year.

Please tell me if you purposely left weeks out or if i'm leading to something here.

0
 
LVL 4

Accepted Solution

by:
mikkelp earned 500 total points
ID: 10817107
think I just nailed it...

2003 10 29 00 57 > 200323671653
2004 05 05 08 35 > 201200400175
2004 13 10 22 37 > 202607470481
0
 
LVL 4

Expert Comment

by:mikkelp
ID: 10817167
... oh better explain

code is four groups of 4,2,2,4 digits

first: year + hour (24h clock)
second: month XOR day
third: month+minute
fourth: day*minute

so 2004 13 10 22 37 becomes
2004+22 = 2026
13 XOR 10 = 07
10 + 37 = 47
13 * 37 = 0481
0
 
LVL 1

Expert Comment

by:ice911
ID: 10817274
nice one, mikkelp!

XOR, damn i wasn't thinking around that.

Good job!
0
 

Author Comment

by:aaronCS
ID: 10822768
Yes Mikkelp you did an outstanding job.  Persistance pays off!
I was seriously thinking this riddle was going to stump everyone.  Obviously I was wrong.
Points well deserved.

I gave the hint "Use simple math or bits operators... Don't try too complicated calculations."
So I knew it was only a matter of time before someone tried OR, AND, XOR, bit operators.

See people it wasnt so hard!  Thanks
0
 
LVL 1

Expert Comment

by:ice911
ID: 10827526
aaronCS,

So, are you going to make another encoding process for the security (since this one has been discovered)?
If so, post it up here so we can give it another go.
:)

--ice911
(I came late [: ( ] )
0
 
LVL 11

Expert Comment

by:phileoca
ID: 10834363
XOR?  =)  email me wtf that means.   phileworship@phileoca.com
0
 

Author Comment

by:aaronCS
ID: 10834456
Hey ice911,
Im sure I could come up with pleanty of other challenges for you guys.  The EE admins dont like me posting password "cracking" puzzles though.  Hmmm maybe I should set up a website :)

The textbook definition of XOR is....
XOR: A binary bitwise operator yielding the result one if the two values are different and zero otherwise. XOR is an abbreviation for exclusive-OR.
0
 

Author Comment

by:aaronCS
ID: 10834577
Perhaps an example of XOR will help.  As with this challenge...
13 XOR 10 = 07

13 in binary is 1101
10 in binary is 1010

Now compare each "bit" in each column.  If they are different they result in 1 in every other case the result is 0.

00001101
00001010
------------
00000111

Sure enough the result is 7 when converted into an integer.  You can check this out on your calculator (even the windows calculator).

This is the computer definition, an exclusive OR is also used in logic.  That is a topic for another day.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Owning a franchise can be the dream of a lifetime. It provides a chance for economic growth. You can be as successful as you want.  To make your franchise successful, you need to market it successfully. Here are six of the best marketing strategies …
Moving applications to the cloud or switching services to cloud-based ones, is a stressful job.  Here's how you can make it easier.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now