Wear patterns as information leakage from security keypads
Bruce Schneier points out that keypad wear is a form of "information leakage": "There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The first is most likely 1986 or 1968. The second is almost certainly 1234."


Funny, but easy to fix (somewhat). Just make using all keys mandatory.
Well, you could generate a random new code every week, but then you might still be able to tell by cleaning the pad with alcohol and returning a day later with some graphite (pencil shavings), checking for greasy finger marks.
You can tell that I spent the '80s watching MacGyver.
You don't need to wait for them to wear out and break in. A bit of ear wax on each key, and then try and look/see the approx. position of the first or last number to reduce the possibilities. You can be across the street and still see the first or last number. Best by a door full of smokers, as they use one hand to type and the other doesn't block your view, as it is usually near the mouth having a last drag.
I actually had a Loss Prevention guy at our company not know this. Burglars got into one of the safes without cracking it (they cracked the other one). The LP guy pointed out that "they must have known the combination".
I said, "Not really. There's four worn keys. I bet anybody would try those first."
This was HIS job to catch people?
Yeah, 1234, I can tell because of the wear on that four button. By that logic, I posit that the password is 5074.
You get the same thing with the Android Google phone. A grid of 9 dots on the screen is used to unlock the phone; to unlock, you have to drag your finger across the right pattern of dots. After a few unlocks this leaves an oil track that is easily visible when held to the light at the right angle. I have been able to unlock most of my friends' phones in two tries; it is just a matter of picking the beginning of the trail.
What about displaying the numbers in random order? It makes logins less automatic but it would defeat fingergrease detection on touchscreens (and with clever use of 7-segment LED displays in the keys also on physical touchpads).
No such thing as security.
Quite hilarious (and interesting - I bet few keypad makers think this far ahead), but just a quick note: URL changed to http://www.schneier.com/blog/archives/2009/07/information-lea-1.html
When you leave, you should punch a false code which uses the keys not in the real one. Kind of like zeroing out a combination lock.
#4: That's actually a very common feature in entry keypads. The buttons are just clear (or red) plastic shells over 7-segment LEDs, and they randomize themselves each time a code is entered.
@4 It would just make people turn off identification, if they can.
I've used this leak to remember the passcode on a five-button door lock that had only three digits in the code. When I put a keypad lock on my front door I made all codes at least ten digits long, partially for this reason, and partly to make it harder for people who watch me enter the code to memorize it; they say seven digits is about the limit for what most people can remember at once.
Interesting information in itself it touches me more as revealing a little how much we inscribe ourselves in the World, even without noticing it.
A simple solution would be to use the PIN number for a consecutive summation: if the PIN is 1, 2, 3 and 4, for example, first the machine chooses a properly randomized digit, let's say 5, to which the user adds the first PIN digit and enters 6; next the second PIN digit is added to that sum, 6+2=8, then 8+3=1 or 8+3=11 (drop the tens position digit or not), etc...
See any flaws?
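The running-sum scheme from the comment above, implemented as an added example (this is not the commenter's code, and the "drop the tens digit" variant, i.e. arithmetic mod 10, is an assumption). It shows both what the scheme buys and what it does not: the keys actually pressed depend on a random challenge, so over many logins every key is pressed and wear leaks nothing, but anyone who sees the displayed challenge together with the keystrokes can subtract the PIN straight back out.

```python
import random

# Constructed sample PIN for the demonstration.
SAMPLE_PIN = [1, 2, 3, 4]


def issue_challenge(rng=random):
    """The lock displays one random starting digit (assumed: uniform 0-9)."""
    return rng.randrange(10)


def respond(pin, challenge):
    """What an honest user types: a running sum of the PIN digits, mod 10,
    seeded by the displayed challenge. PIN 1234 with challenge 5 -> 6,8,1,5."""
    typed = []
    running = challenge
    for d in pin:
        running = (running + d) % 10
        typed.append(running)
    return typed


def verify(pin, challenge, typed):
    """Lock-side check: recompute the expected keystrokes and compare."""
    return respond(pin, challenge) == list(typed)


def recover_pin(challenge, typed):
    """What a shoulder-surfer computes from the displayed challenge and the
    observed keystrokes: each PIN digit is just the difference between
    consecutive entered digits (mod 10). No worn keys needed."""
    pin = []
    prev = challenge
    for t in typed:
        pin.append((t - prev) % 10)
        prev = t
    return pin


def keys_pressed_over(pin, sessions, rng):
    """Which physical keys get pressed across many logins. Because the first
    keystroke is (challenge + pin[0]) mod 10 and the challenge is random,
    every key is pressed eventually, so wear patterns stop being informative."""
    pressed = set()
    for _ in range(sessions):
        pressed.update(respond(pin, issue_challenge(rng)))
    return pressed


if __name__ == "__main__":
    c = 5
    typed = respond(SAMPLE_PIN, c)
    print("challenge", c, "user types", typed, "verify:", verify(SAMPLE_PIN, c, typed))
    print("observer recovers", recover_pin(c, typed))
    print("keys worn after 200 logins:", sorted(keys_pressed_over(SAMPLE_PIN, 200, random.Random(1))))
```

The scheme defeats wear and smudge analysis (the set of pressed keys no longer identifies the PIN), but against the other threat the thread raises, someone watching the user enter the code, it is exactly as weak as a plain PIN, because the challenge is shown in the clear.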
Uhhh.... Why can't the numbers be repeated? Like 1111? In a 4-digit code, there are 4 to the power of 4, or 256, combinations. Not 24.
Since many people nowadays have trouble counting to ten... None at all really.
A cop once told me that if they want to know who sells dope in a given house, they just look for the doorbell button which is most worn. Quite logical, come to think of it.
I recall Walter John Williams using this as a plot point in Days of Atonement back in '91 or so, and I expect it was around well before that.
Pilots I knew in the RAF claimed that the shiny switches were the ones you pressed or flipped during pre-take-off checks, and the grimy ones were the ones you hit in an emergency...
They should manufacture randomly pre-worn keypads.
local airport was like this... no one memorized the combo, they just pushed 19 then the other two keys... two tries max... and this got you into the back gate... so much for airport security... LOL
the only real way around this is to use a slide card type lock but it defeats the "keyless" entry idea :(
I used this technique to engage the alarm system at a Kinkos when I was a teenager. Just after the manager disengaged the system I told them that it was me and I had set it off by guessing the code via punching the dirty buttons on the alarm keypad.
I did the same thing again a few years later at my campus copy centre.
Good times.
This is how Edison and Theora got into Bryce Lynch's office/room on Level 13 in the Network 23 building.
And that was back in 1987. (Plus or minus 20 minutes)
It is for this reason that whenever I enter a PIN or code somewhere, I press all the numbers on the keypad. It probably won't save me from an ingenious crook, but it gives me peace of mind.
I work in a fairly high security office complex and everyone has their own randomized pin for the keypad entry doors. To enter the building from an un-manned entrance you tap your badge and enter your pin, then a chime goes off and you open the first door. When that first door closes, another chime goes off and you open the second door. When that door closes someone else can go through. You're watched on camera the whole time, and if you mess up any part of it a loud alarm goes off, security personnel descend upon your location, and your co-workers will make fun of you for the rest of the day.
Anonymous #15 said:
Hint: How many worn keys would there be if the code were 1111?
Wait! 1234! That's the combination to my luggage!
Yeah, if one of the numbers is repeated, only three keys will have been pressed.
A friend of mine lived in a house with the code 8008 (or similar). He was a bit surprised when I showed up at his apartment door without him buzzing me in first.
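The counting that runs through this thread (Schneier's 24, the "4^4 = 256" objection, the repeated-digit case, the first-or-last-digit trick from across the street, and the point that the code need not be four digits long) worked as an added example, not part of the original thread. The key observation is that a worn key is worn because it was pressed, so every worn key must appear at least once and no unworn key may appear; "256" counts strings that need not use all four keys, and "24" is the special case of four worn keys and a four-digit code.

```python
from itertools import product
from math import comb


def candidate_codes(worn, length, first=None, last=None):
    """Enumerate every code of the given length that presses each worn key at
    least once and no other key. Optional first/last digit (as seen from
    across the street) prunes further. Digits are passed as strings."""
    keys = sorted(set(worn))
    out = []
    for digits in product(keys, repeat=length):
        if set(digits) != set(keys):
            continue  # some worn key never pressed: inconsistent with the wear
        if first is not None and digits[0] != first:
            continue
        if last is not None and digits[-1] != last:
            continue
        out.append("".join(digits))
    return out


def count_candidates(worn_keys, length):
    """Same count without enumerating: codes of `length` over `worn_keys`
    symbols that use every symbol at least once (inclusion-exclusion over the
    symbols left out). worn_keys=4, length=4 gives 4! = 24; worn_keys=3,
    length=4 gives 36, which is more than 24, not fewer."""
    return sum(
        (-1) ** i * comb(worn_keys, i) * (worn_keys - i) ** length
        for i in range(worn_keys + 1)
    )


if __name__ == "__main__":
    # Constructed scenarios mirroring the thread.
    for worn, length, first, last in [
        ("1234", 4, None, None),   # four worn keys, four digits: 24
        ("123", 4, None, None),    # one digit repeated: 36
        ("1", 4, None, None),      # 1111: a single worn key
        ("1234", 4, "1", "4"),     # first and last digit observed
        ("1234", 8, None, None),   # an eight-digit code on four worn keys
    ]:
        n = len(candidate_codes(worn, length, first, last))
        print(f"worn={worn} length={length} first={first} last={last}: "
              f"{n} candidates (formula: {count_candidates(len(set(worn)), length)})")
```

Against the 10,000 four-digit codes on an unworn pad, four worn keys leave 24, three worn keys 36, and a glimpse of the first and last digit cuts four worn keys to 2. Longer codes help: eight digits on four worn keys still leave about forty thousand candidates, which is why the ten-digit codes mentioned earlier in the thread are a real mitigation even when the worn keys are obvious.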
I wouldn't say "Bruce Schneier points out..." I'd say he "joins the rest of us in noticing..."
I've used this technique on those garage keypads; I forgot the code, but once I saw the 4 worn keys I guessed it right away.
Sometimes, it's not the worn keys which leak information. It's the brilliant, spotless ones on an otherwise POS keypad.
@Yorgle #22
You win the internets, sir.
"Plus or minus 20 minutes" made my day.
I was in a similar situation at my previous job. The same code for years: 1847. Then one day, without notice, that code didn't work anymore. I took the other entrance and asked about the code:
"Correct, the code changed, it's now 1846"
"only one number changed?"
"yeah, the 7 button broke..."
I was working after hours at a pseudo-military complex in Singapore one night. We had to get into a secure area, but no one was there to buzz us in. On the keypad, the '8' key was almost completely worn through, and the Enter key was visibly worn. We guessed the password on the first try. Good job, Singapore military.
I've worked in several secure offices where they had a magcard scan to activate a randomizing keypad. The worst part about it was that the key pad was 3x4 (similar to a phone) so there were always two symbols on there too.
On entry to most secure military locations, there is a randomizing digital keypad, all numbers are randomized and cannot be seen from less than 3-4 degrees off center.
For these, the numbers might also be 12341234 or 119688, there's no reason to think the code length is only 4 digits. But it is likely.