I have just taken delivery of a key safe - http://cloudfront.vstall.co.uk/sentico/Supra_Sentico/KeySafe_400_00000079.jpg
It has ten buttons (0 to 9) and I can set a code to open it. The suggestion is that the code should be 4, 5, or 6 digits. Each digit can only be used once and it wont matter which order they are keyed in, so 15342 would be the same as 12345.
The question is - How many combinations are there for 4, 5, and 6 digit combinations?
Once you pick a number, it’s used up. So while there are ten choices for the first digit, you have only nine choices for teh second digit.
4 digits = 10 x 9 x 8 x 7 combinations
5 digits multiplies that by 6, and that product is again multiplied by 5 if you use six digits.
C(10,4) = (10987) / (4321) = 210
C(10,5) = (109876) / (54321) = 252
C(10,6) = (1098765) / (654321) = 210
There are ten ways to choose the first of four, nine ways to choose the 2nd of four, and so on, but you must divide by the number of orderings. (There were four ways to choose the 1st of the four you selected, and so on.) These numbers come up frequently; Google “Pascal’s Triangle.”
It should be no surprise that C(10,4) = C(10,6). The number of ways to choose 6 numbers to avoid is the same as the number of ways to choose 6 numbers to select !
This doesn’t take into account that the numbers are unordered.
As explained in detail by septimus in the post above yours. 
So - if a potential thief can assume that I will use either 4, 5, or 6 combinations, then he will only have to make a maximum of 672 attempts to open the safe. Of course he is likely to hit the winning number on average after 336 tries.
Now an opinion. Is it the consensus that this is sufficiently secure or not?
If this were a safe for holding real valuables, it wouldn’t be considered remotely secure in the least. As far as a key safe in the real estate business goes, this is pretty much the expected norm as far as security goes. Which is a very low standard. (Around here they are moving to dialup codes. The buyer’s agent calls a number, gets a code, and uses that. So there’s some record of who was supposedly in the house. Still not all that great but what can you do? Well, cameras for one thing.)
When I read that the combo didn’t have to be in order, I went :eek:.
This does not seem terribly secure to me. Even a simple 4-digit lock has 10,000 possibilities. Shoot, even a 3-digit lock has more combos than your safe.
How long does it take to try a combination? Even if it takes just 10 seconds, it would take more than a half-hour to try just 200 combinations; a thief would probably look for an easier entry.
It would be good if the mechanism forced longer delays after misguesses, but I don’t think it has that feature.
Someone standing at your door going through hundreds of combinations trying to break into your key safe is going to look suspicious. Eventually, a neighbor’s going to see him, and call the cops.
You also have to consider that most thieves probably aren’t going to be smart enough to go through all the combinations systematically, so they’re going to repeat ones they’ve already tried and take even longer.
Now, if the thief rips the safe off of whatever it’s mounted to, they could take it home and try all the combinations in private. But then, ripping a safe off its mounting is also going to arouse suspicion, and if they’ve got it in private, the mathematical security won’t matter anyway, because the universal combination is “a really big hammer”.
It doesn’t make much difference if he assumes that, anyway. If you don’t restrict yourself that way, there are 1024 combinations, so you’re eliminating less than a third of them by sticking with 4, 5, or 6 digits.
The math part has been answered, but I believe we’re both over- and under-estimating potential thieves.
One simpler solution is to target a different house. Another is to use a window or physically break the door. Even if 600 combinations isn’t all that many, it’s more effort than you really want to expend on a smash and grab.
It’s just not worth the time and effort just to get a single key.
I dunno…this seems like a stupid system to me. Each key, only once, and any order? A thief could probably just look at the keypad and see which keys either: a) show signs of wear or b) have grease/oil on them. Just a little talc and it should be fairly trivial to figure out which keys are being punched in.
does the thief know the combinations don’t have to be in order? because otherwise it’s a bit more secure than it sounds
No, these are really easy to crack. Look for the buttons with signs of use. And since order doesn’t matter, this is makes it incredibly easy.
One computer room at a place I worked had a 6 button system. Which buttons were used in the 4 digit code was obvious. (And always try the dirtiest once first.) Didn’t take any time for me to figure it out. And this was a lock where order mattered.
There’s a lot better ways to figure out these locks than just trying every one.
Note on house security and insurance: It usually makes a huge difference in getting reimbursed for stolen items if there are signs of a break in. Sure, anybody can get into most houses by breaking a window or kicking down a door. But that makes it a lot easier to collect. If the crook just walks in due to a weak lock (or an unlocked door or window), you might be doubly unhappy.
Buy really good locks and use them.
Kramer: You have insurance, right buddy?
Jerry: No.
Kramer: How can you not have insurance?
Jerry: Because! I spent my money on the ClapCo D29. It’s the most impenetrable lock on the market today. It has only one design flaw: the door….must be closed!
I don’t recall the exact formula for combinations (order matters) vs. permutations (order doesn’t matter) but I do recall that the formula for combinations the permutations. Since order doesn’t matter in this case, we stop at calculating the permutations.
You got those backwards. Order matters in a permutation, it does not matter in a combination. (So combination locks should really be called permutation locks).
And the calculations above by septimus are correct.
