How to calculate lock combinations

We have a lock box that allows you to set a combination to be punched in. The way it works (and I have seen several that work the same way), you choose which numbers you want to be in the combination, but a) you cannot choose the same number twice, and b) the numbers chosen can be entered in any order. So if you choose 4132, then entering 1234 will still get you in.

This clearly greatly reduces the number of possible combinations. I am wondering how (in)secure the combination is. I have attempted manually to calculate the number of different combinations for each length code. Using manual methods, I calculate if you choose:

1-digit or 9-digit code, there are 10 combinations.
2-digit or 8 digit code, there are 55.
3 or 7 digit = 122
4 or 6 digit = 426

So 5 digit looks like the most secure. My manual method is too tedious, so I am looking for a formula I can use to calculate this, and to verify my manual method for the other length codes.

You’re looking for the number of combinations of k items from a list of n, often written COMB(n,k), which is n!/((n-k)!k!). In your case n=10, and k=1 through 5 gives 10, 45, 120, 210 and 252.

You are calculating was is know as a Combination.

To state the question, you are asking how many combinations of r digits can you choose from a group of n digits?

It is calculated as: n! / r!(n-r)!

So for how many combinations of 5 digits out of 10 possibilities you get:

10! / 5! (5!) = 3628800 / 120 *120
3628800 / 14400 = 252

This is a simple matter of permutations and combinations. Some explanations and general formula here.
If you want to choose 5 items from 10, there are 10 possibilities for the first, 9 for the second and so on. since you are selecting 5 numbers, it’s the first 5 integers counting down. So :
10x9x8x7x6 = 30240

but if the order doesn’t matter, then you divide this by the ways of ordering 5 items. There are 5x4x3x2x1 = 120 ways. The calculation looks like this:
10 x 9 x 8 x 7 x 6

5 x 4 x 3 x 2 x 1
To generalise, if you want to choose X items from Y then:

  • top row = start at Y and count down, the first X numbers
  • bottom row = count down from X to 1

So to choose 3 items from 50 it would be:

50 x 49 x 48

3 x 2 x 1

Thank you.

So obviously my attempts were bollocks. I see what I did. I was not writing out all the combinations - I was looking for patterns to extrapolate. For 2 digits, I saw there were 9 with a 0, then 8 with a 1, then 7 etc., so added them up… but I started with 10 instead of 9 and then spread that mistake through everything else.

The answer shows what I feared. With only 210 combinations for a 4-digit code, a brute force attack could go through all combinations in about 12 minutes (so an average of 6 minutes to open). I don’t feel good about leaving a house key in a lock box that is so easy to crack.

If you take combinations of all lengths combined, then there are 1024 different combinations: Each button has two possible states, pressed or unpressed, and there are 10 buttons, for 2^10 possibilities (or maybe only 1023; no buttons pressed probably isn’t a valid combination).

If you start off by restricting yourself to just five-digit combinations, then you only have about a quarter of that number, 252. But that only matters if the thief knows (or guesses) that you’re only using five-digit numbers.

If you allow numbers of 4-6 digits in your initial choice, then you get about two thirds of all possible numbers, and even if the thief knows or correctly guesses that that’s what you’re doing, then he’ll still have to go through all of those.

And whether that’s good enough depends on your neighborhood. In some neighborhoods, a stranger standing in front of a house futzing about with the spare-key holder for twelve minutes is going to be enough to get the neighbors to call the police. In others, it won’t.

I asked the same question here before I put one by my front door.

I agree that the number of combinations is alarmingly small and I did email the manufacturer to suggest that adding a couple more buttons (x and y) would make it a lot more secure.

I thought about it hard, since my door is on the side of the house so not visible from the road. With this in mind I put it nearby but not in view of someone standing there. Not brilliant, but the best I could come up with.

I also thought that burglars are not usually well versed in number theory, or, hopefully, subscribers to SD, so they might well think that, seeing ten buttons, there are a whole lot more possible combinations.

The comment in my thread:

is irrelevant because the keypad is used only rarely. In over two years, mine has been used exactly twice…

I’m curious about which lock you’re using, ‘cause, from what I know about locks, there’s almost certainly a way to open that lock that doesn’t involve brute forcing (or plain ol’ brute force) that takes far less than 6 minutes :(.

Hopefully you’re unauthorized lock opener has no awareness of Lock Sport!

CMC fnord!

Part of why I am looking into this is because our HOA is using a lock box with the same system. They always use 4-digit codes. I think everyone has a tendency to do that because of familiarity with 4 digit numbers - ATM PIN, last four of social, last four of credit card. Moving to a 5-digit code will help not only because there are more values, but because anyone guessing will tend to try 4-digits, I suspect.

My own lock box is in a fairly sheltered location, but I am not terribly worried - it is a very safe, gated neighborhood. We even tend to leave a door open - not just unlocked, but physically open, so the dog can access the fenced yard. Any burglar would have to handle the dog, of course, and risk being licked to death.

ETA: In case I seem to contradict myself above about being in a really safe neighborhood but concerned about the HOA - they are different neighborhoods.

I believe the OP is talking about the GE Supra push-button lock (recently sold under the name “Kidde”), such as this one. It has 10 buttons. There are 1023 distinct combinations, not counting the null combination which allows opening the box by pushing no buttons at all. The instructions recommend you use at least 4 buttons. In my experience, nearly every customer chooses one of the 210 4-button combinations.

Speaking as a Certified Master Locksmith, I’m not aware of any technique that allows manipulating the combination. Brute force try-every-combination-until-you-hit-the-right-one seems to be the best strategy. By my estimate, it takes about 14 minutes to try all 210 4-digit combinations. You might get it on the very first try or on the very last; on average it’ll take 7 minutes to hit it.

That is exactly what the HOA has. Mine is different but works the same way.

Look through these and tell me what ya think. (The first and third claim to show the/a technique.)

(Even assuming that these are real “picks” it really unlikely your average bad guy is going to know about the exploit. I’ve had an interest in 'lock sport" for a couple of years and I’m still shocked by just how way too many locks are way too easy to get past with no key. In the end I defer to your expertise.)

CMC fnord!

By the way, this math is baked into Google. Just type “10 choose 4”.

I’m glad you clarified, because I saw other posters using the formulas for combinations and permutations and I immediately had thought of a simple binary ten digit number (11 1111 1111) which is 1024. I thought maybe I didn’t understand the problem.

I tried the technique shown there and I couldn’t get it to work.

I was suspicious of the fact that, at the beginning of the video, they set the combination while we watch hence it’s obvious that they already know the combination. A better test would be to see them do it on a lock with an random unknown combination. But we’d have to take their word for it that it’s unknown. Even if they showed a second person setting the combination while the first person had their back turned, we wouldn’t know for sure that they hadn’t agreed in advance what the combination would be. I’m skeptical at this point.

If I get the chance to disassemble one of these locks, I’ll take a closer look at the mechanism and see whether it’s plausible that it could be manipulated the way they described.