I am currently working on a project that involves some security hardware. Specifically an electronic door lock. The lock requires the employee to enter a passcode.

This passcode is changed every minute, 24 hours a day, 7 days a week, etc. etc .... The employee carries a little device that calculates this passcode that's based strictly on the current time and date.

Now there are obviously better ways of doing this but there are hardware restrictions. To make things even less secure the engineers made it 4 parts that are merely appended together to form the 12-digit passcode. The passcode will always be 12 digits and any part of that code that makes it less will have leading zeros added to it.

Its was up to me to create an logical alogirthm that would secure this vulnerable system. So although any passcode based on a date and time is not secure I think I did a pretty decent job of hiding it.

So my question is... can someone determine the method I used to encode the date and time given some examples? I figure if you guys cant figure it out then its good enough for the application it will be applied to. Good luck :)

on May 5, 2004 at 8:35 AM the passcode was 201200400175

on October 29, 2003 at 12:57 AM the passcode was 200323671653

just two examples? A cracker will just log in thousands to find out pattern. Be more generous and give us at least a couple more .. In the mean time I will if I could do anything about the two you have given .....

0

aaronCSAuthor Commented:

Sorry those two codes I have given is all that the puzzle states. No more can be provided.
This is possible with the hints provided.
Rememer, it is divided into 4 sections

To try and get it, I'm trying to determine the passcode at
December 31, 2002 at 5:43 am

so far I have the last three (967)

Am I right? or can't you tell?

0

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

I do agree that 2 examples make it REALLY difficult (can you add one more? like for January 16, 1996?), but if you say its possible I'm going to keep on trying

I actually thought the last 4 were 0867 or 1867 and the first 2 were 20, but decided to only say the 867 (which of course I mistyped as 967). Here was my logic (as bad as it may be)

First 2 digits=first 2 digits of year
Last 2 digits = 100 - minutes + 10
I thought the 8 in my answer was month-4, and the 1 in my answer was if month was 10, 11, or 12

The fact of the matter is, it could be nearly anything used as a key here...
Two results are, as stated before, simply not enough to give this a fair shot.

I'd suggest either supply some additional examples, or provide any specific methods you've used to obtain this code (i.e. converting to julian dates, etc).

This puzzle is definitely possible with only 2 examples, it is tough but it is possible.
If no one can eventually get it I will post another example until someone takes the prize.

not to spoil your fun, but there are more than one algorithm... If your 12-digit code consist of 3 4-digit blocks
and every block can be combined using every element of the current date-time, you have at least a dozen different options to go by ... and since there are no rules specified on expressions, everything _is_ possible. It's a simple exercise in set-theory and mappings. Otherwise, by your claim, the solution below is correct ;-)

anyhu, here's an attempt... I'm not satisfied with the solution to the middle 4, however... maybe it'll come to me in my sleep. At least the first and last 4 may serve as an inspiration to others out there...

? ... maybe 35+5 = 40, 57+10 = 67 ... first two are (year-2004) % 24.

(year-2004)%24 * 100 + month + minute.

mikkelp

0

aaronCSAuthor Commented:

By using your favorite spreadsheet program, pen+paper, or computer, try to find how to split passcodes into 4 parts and how these 4 numbers have been calculated using date/time data.

Use simple math or bits operators... Don't try too complicated calculations. There is neither complex bit hashing (based on previous passcode) like real single-use token generator, nor checksum digits.

To those not familiar with english time notation, don't forget that "12:57 AM" means "0h57" (not "12h57"), and "10:37 PM" means "22h37" in 24-hours notation.

Before I started, I've calculated how many possible ways of splitting the 12 digit code into four parts/groups...
And assuming each part/group has at LEAST 2 numbers you will get a result of 35 different combinations of how to split those 12 digits up. For example: 20-1200-400-175 is one combination and 201-200-40-0175 is another combination...

The combinations jump from 35 to 165 if you allow a grouping to have only 1 number.
For example: 2-012-0040-0175 or 201-2004-0017-5. So not knowing the groupings already poses a great challenge and endless possibilities. To make it easier for me, I've assumed that each grouping is at least 2 numbers, even though you didn't specify.

And for EACH combination you have to find/crack a grouping with the date info that has been algorithmically encrypted in any creative abstract way. For one combination you can search endlessly, playing and manipulating numbers to match a grouping, now you have to do that with 35 combinations...

Yes, it is possible to crack the code. And you will get a lot of calculations that work for the 2 examples, but might not work for other patterns of code. You can even crack it with 1 example, but the more examples you give, the more patterns people can recognize to point them in the right direction. So all it takes is a lot of time to really crack this code to explore the extent of the algorithm.

Your method of encryption could be very simple, or could be very complex. I'm not going to try and find out because I could be at this forever. This rabbit hole goes very very far... and I'm not prepared to search the whole rabbit hole, just for the rabbit :Þ

And I guess this is what you are trying to find out anyway :)
You want to know if where you put the rabbit is safe... The truth... I don't know.

I'd assumed it was four blocks of three digits, since you said any part of the code that made it less than 12 digits would be trailed by 0's, and the first example you gave accounts for this nicely

201 200 400 175

Are you allowed to clarify for us?

0

aaronCSAuthor Commented:

sorry I cannot give too much away. It is safe to assume that no block will be 1 digit or more then 4 digits.

digits 1-4 = year + hour
digits 5-6 = day + year - 2009
digits 7-8 = minutes + month
digits 9-10 = day + hour + year - 2016
digits 11-12 = 110 - minutes

> on May 5, 2004 at 8:35 AM the passcode was 201200400175

2004 05 05 08 35 => 2012 00 40 01 75

> on October 29, 2003 at 12:57 AM the passcode was 200323671653

2003 10 29 00 57 => 2003 23 67 16 53

0

aaronCSAuthor Commented:

Synthetics, yes a block can most certainly begin with a zero. Each block is a preset size. If a number is not large enough to fit the block, leading zeros are added.

There is a formula hidden in there somewhere. Good or bad, I found this topic by accident (had previously only been in database topics) and will likely be back, even if I'm wrong.

Second Section
--------------
2004/5(Month Number) = 400.8(Put number in reverse into the code because the number is prime and odd)
3236/10(Month Number) = 323.6(Put into code without decimal and not in reverse because it is a even numbered month)
___________________________________________________________________________________________________________________

Third Section
-------------
This confuses me bcause the numbers look backwards and in the wrong place, but
8.35(Time) + 8.35 = 16.7(Put into code, but move seven to start without decimal)
This is where I get confused...
12.57 + 12.57 = 25.14 - 24 = 1.14(Put into code, but move one to start without decimal and drop rest)
___________________________________________________________________________________________________________________

(Disagree here.)

Last Section
------------
75 = 57
53 = 35

I do not believe this is close at all, but it was worth a shot. Maybe this will help someone solve it.

Comment from Lori99
Date: 04/08/2004 09:26AM PDT
Comment

digits 1-4 = year + hour (from PennGwyn and mikkelp)
digits 5-6 = day + year - 2009 (from PennGwyn)
digits 7-8 = minutes + month (from PennGwyn and mikkelp)
digits 9-12 = Day * minutes (from mikkelp)

Works for the two codes you gave. Don't know if it would work for other examples.

Comment from aaronCS
Date: 04/08/2004 09:35AM PDT
Author Comment

Sorry guys that is not the right algo. You are close though.

The person that can successfully tell me what the passcode is on October 13, 2004 at 10:37 PM will win the 2000 point regardless of your reasoning.

Ops. Missed that.
2013-08-47-0481

or

2001-08-47-0481

Sorry about that.

0

aaronCSAuthor Commented:

Hey Raxman,
Good try! But unfortunately it is not the correct answer.
There is an immediate problem that jumps out at me.
You said that the last 2 digits is basically a transposition of the minutes. But if you look at the codes again it just doesnt work.

Last Section
------------
75 = 57
53 = 35

on May 5, 2004 at 8:35 AM the passcode was 201200400175
on October 29, 2003 at 12:57 AM the passcode was 200323671653

That would be throwing off your logic. Have another go thought, it was an excellent effort.

Aaron, would you be willing to reveal what types of calculations are permitted by your hardware token?

ie. integer division, remainder division, multiplication, addition, conditionals based on values

mikkelp

0

aaronCSAuthor Commented:

hi mikkelp,
I think this was a fair hint, I cant make it too easy for you guys ;)

Use simple math or bits operators... Don't try too complicated calculations. There is neither complex bit hashing (based on previous passcode) like real single-use token generator, nor checksum digits.

To those not familiar with english time notation, don't forget that "12:57 AM" means "0h57" (not "12h57"), and "10:37 PM" means "22h37" in 24-hours notation.

changes ...
every minute,
every hour,
every day,
every week,
every month,
every year

you have given us every clue but one, weeks.
you given us a range of information between minutes and years, but weeks is the only piece of info that was not given to us.
there are 52 weeks in a year.

Please tell me if you purposely left weeks out or if i'm leading to something here.

Yes Mikkelp you did an outstanding job. Persistance pays off!
I was seriously thinking this riddle was going to stump everyone. Obviously I was wrong.
Points well deserved.

I gave the hint "Use simple math or bits operators... Don't try too complicated calculations."
So I knew it was only a matter of time before someone tried OR, AND, XOR, bit operators.

So, are you going to make another encoding process for the security (since this one has been discovered)?
If so, post it up here so we can give it another go.
:)

XOR? =) email me wtf that means. phileworship@phileoca.com

0

aaronCSAuthor Commented:

Hey ice911,
Im sure I could come up with pleanty of other challenges for you guys. The EE admins dont like me posting password "cracking" puzzles though. Hmmm maybe I should set up a website :)

The textbook definition of XOR is....
XOR: A binary bitwise operator yielding the result one if the two values are different and zero otherwise. XOR is an abbreviation for exclusive-OR.

0

aaronCSAuthor Commented:

Perhaps an example of XOR will help. As with this challenge...
13 XOR 10 = 07

13 in binary is 1101
10 in binary is 1010

Now compare each "bit" in each column. If they are different they result in 1 in every other case the result is 0.

00001101
00001010
------------
00000111

Sure enough the result is 7 when converted into an integer. You can check this out on your calculator (even the windows calculator).

This is the computer definition, an exclusive OR is also used in logic. That is a topic for another day.

0

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.