Cliche: "What's the Code?" "We Have 4 Digits, Still Working on the Last One!"

There’s a cliche in movies and TV in which a computer is trying to determine the secret access code to get into the door/building/supercomputer, etc., and displays a series of numbers on its screen, all simultaneously changing through different combinations. And then one will lock. “We’ve got the first number.” And then another one, etc. This happened most recently on Monday’s episode of “24.”

My question: is that based on anything even remotely real? Every time I see this it always seems completely stupid to me, since it would be no trick at all to figure out an access code if you could independently determine each digit. If you didn’t need to determine the entire code at once, it’s just a matter of scrolling through 10 different digits for the first number, then moving on to the second number, etc. You could do it manually.

I know this is just a device to build tension, but it always takes me out of the show when I see it. But I’m wondering if I’m being too harsh – does this represent, in any way, any kind of real decoding scheme, and I’m just missing the subtleties?

This may belong in Cafe Society.

I don’t think it represents anything real. I completely agree with your assessment.

An additional stupid trope is that each digit being tried rapidly spins through hundreds of numbers before settling on “7” – instead of just 0-9.

The point of a seven-digit lock is that you have 10 million combinations. This should take some time to randomly guess by just hitting numbers, or by starting at 0000001 and working my way upwards.

However, if it DID work that way, your 10 million combination lock would be reduced to 1 million combinations as soon as I spun one of the digits through the ten possible permutations. I get the next one and its reduced by another factor of ten.

Basically, your 10^6 combination lock would actually turn into a 70 combination lock.


There’s no real need to do it manually. You can figure out a 7-digit code using a brute force approach with something with the computing power of a pocket calculator.

However, yes, that would be stupid.

There’s no way this is based on a real security system. Why would anyone code something that gave a guesser such power? Essentially, a password or pin is only as strong as its length and complexity. Either the password works or it doesnt. In Hollywood the password is broken down into its characters so every password really is one character. You just have to keep working on the next part of the password. So lets say you have a 15 digit pin that accepts input from 0-9, #, and *. That’s trillians of permutations. In movies you can just keep typing 1, 2, 3, etc until you get the first character. Do that 15 times and youre in.

Just about anything involving cracking of hacking in movies is done in a way to entertain a crowd, sell tickets, and push the story along. A guy sitting with a borne shell typing out a perl script doesnt not make for good TV. The only exception I can think of is this scene from the Matrix.

What if you were trying to break into the lair of the Evil Mastermind?

I once read about a prime number “code” that worked like this. If you wanted to encode a word like code you’d break it down to letters: c is the third letter of the alphabet, o is the 15th, d is the fourth, e is the fifth. Then you multiply a series of prime numbers: 2 to the third power, 3 to the 15th power, 5 to the fourth power, 7 to the fifth power, etc. The word code would equal 4,962,182,715,000. Obviously a bit unwieldy in straight form (and the length of the resulting numbers would rapidly go up). But it’s possible to express incredibly long numbers in a reasonable length through exponents. For example, 1,305,489 to the 567,433rd power plus 67,453 to the 890th power minus 23 equals a string a of numbers millions of digits long - enough to encode an entire book in a single line.

Getting back to the OP, the practical problem with this theoretical code is the insurmountable difficulties of encoding and decoding the message. In the book, the government was trying to decode a message like this and after months of work by supercomputers, they had only decoded the first few letters.

I cant see that working either. All modern encryption schemes first compress data, to add entropy and to shrink the size, then encrypt it So there’s no single letter you can guess. Either you have the private key to decode it or you dont. Im sure there are edge cases out there, but generally that is true.

In real life the supercomputers or the network of computers doing the cracking either outputs sane text or it doesnt. Even if you knew 90% of the plaintext in a ciphertext message that still wont help you figure out the key.

My WAG is that screenwriters just took the safecracking cliche of getting one tumbler at a time and simply switched out safes for computers and tumblers for characters in a password.

I think it may be vaguely based on old mechanical combination locks. Sometimes one would be able to figure out the combination one number at a time by listening carefully to the clicking sounds.

I can’t imagine how it could be done with an electronic lock.

On preview: What HorseloverFat said.


There have been occasional mistakes made in implementing password systems that have allowed character-at-a-time cracking. E.g., one system, after the password was typed in, would look at each character in turn and bail out on the first wrong one. Hence there was a slightly faster response if the first was was wrong. (And the systems were slow enough in those days that it could actually be measured.)

The famous RSA system can be exploited in a somewhat related manner if key generation and padding is not done right.

But in anything well done or modern? Forget about it.

Some of the most absurd examples in movies:

War Games near the end when Joshua is running through launch codes and picking up a sysmbol at a time. Once the first few were found the remaining ones should have been nearly instantaneuous. There’s only a few thousand numbers left!

Sneakers shows screenfuls of text being decoded a character-at-time in random locations. This is really, really stupid given the sophistication of the the encryption schemes supposed used. I think The Net also did this.

This kind of code is used in Fred Pohl’s Starburst - but it’s not really a very practical approach; in general, a message encoded that way is not going to reduce to a number that can be expressed in a short form (brief proof - the number of numbers that can be expressed in a single line is a many many orders of magnitude smaller than the number of possible books, so only a very very small percentage of book long messages can be usefully encoded that way). But I’m willing to give Pohl a break on this one because The characters in his book that use that code are superhumanly clever, so they might very well be able to compose a message that happens, against all odds, to be expressable in an easy-to-write number (akin to being clever enough to write a book without the letter ‘e’ or one that is palidromic)

P.S. An example of what the OP is talking about is in “War Games” where Joshua breaks the nuclear launch codes number-by-number.

I agree with this, I can pick a Master Lock very easily, once you get the hang of it, it’s fairly simply. You get the last number (via algorithim and clicks) and work back. Plus you generally don’t get mechanical locks with combinations of numbers too close to each other.

There are a couple methods in cryptanalysis that are, maybe, remotely similar to what’s shown in the movies. Differential cryptanalysis tries to make small changes in the input to learn something about the key. This was pretty big news when it first became public knowledge. Wiki’s page says that at least some then-existing cryptosystems were vulnerable to the attack. There are also various forms of side-channel analysis where an attacker with good access to the hardware can monitor it for subtle unintentional changes; for example, perhaps a partially-correct key takes slightly longer to reject than a completely-incorrect key. This is an especially attractive attack option for cases like encrypting RFID chips where the hardware is likely to be easy to access.

Of course, a modern cipher known to be vulnerable to either of these attacks would be considered badly broken. And that any given script writer actually knows or cares about such things is much less likely than that he just thinks it looks cool. (And, as ftg says, in any case once all but a few characters are known it should be trivial to brute-force the rest.)

Get your most closely kept personal thought:
put it in the Word .doc with a password lock.
Stock it deep in the .rar with extraction precluded
by the ludicrous length and the strength of a reputedly
dictionary-attack-proof string of characters
(this, imperative to thwart all the disparagers
of privacy: the NSA and Homeland S).
You better PGP the .rar because so far they ain’t impressed.
You better take the .pgp and print the hex of it out,
scan that into a TIFF. Then, if you seek redoubt
for your data, scramble up the order of the pixels
with a one-time pad that describes the fun time had by the thick-soled-
boot-wearing stomper who danced to produce random
claptrap, all the intervals in between which, set in tandem
with the stomps themselves, begat a seed of math unguessable.
Ain’t no complaint about this cipher that’s redressable!
Best of all, your secret: nothing extant could extract it.
By 2025 a children’s Speak & Spell could crack it.

MC Frontalot, “Secrets From the Future”


aka The Gold at the Starbow’s end.

The novellete version was called “The Gold at the Starbow’s end” but the in novel form it was called Starburst ( - I don’t know if the code stuff was in the shorter form, so I cited the long form.

As Andy L suggested, there aren’t going to be very many books you can encode using a system like that. Just because the resulting string contains millions of numbers does not mean it represents enough information to encode millions of characters of arbitrary data. Specifically, it gives you just enough freedom to encode arbitrary data of about the length of your compressed form: that is, maybe a few dozen characters.

For any given message, there is some definite limit to how small it can be compressed, and it is quite thoroughly impossible to transmit the message by sending any fewer bits. In your example above, the form of the message containing millions of digits doesn’t contain any more information: it’s just longer.

This device was also used in the movie “The Last Seduction,” in which this is how a phone number is traced. The cops are watching as the phone number is revealed one digit at a time, starting with area code. They get as far as the exchange with puts them in “cattle country”, New York, and that sets the detective on the trail of the missing Linda Fiorentino.

I think a major flaw with the movie passcode cracking cliche is they never reveal how they know that the first digit is N. I don’t know of any security program that returns a “wrong password, but you got the first digit right!” kind of response. I think it’s a Hollywood theme that is designed to build suspense, just like the countdown timer on the ticking bomb or the onward coming locomotive that they cut to while the good guy is working frantically to defuse the bomb or derail the train.