# Why using a number twice in your PIN might be a good idea

Modern smartphones use large glass touchscreen panels that show the presence of grease from hands and faces very easily. Should your phone be stolen it could be possible for the thief to discern the PIN required to unlock it by analysing these grease patterns.

If your pin was “1234” then the thief would only have to try all 24 permutations in order to guarantee being able to unlock the phone:

• {1,2,3,4} {1,2,4,3} {1,3,2,4} {1,3,4,2} {1,4,2,3} {1,4,3,2} {2,1,3,4} {2,1,4,3} {2,3,1,4} {2,3,4,1} {2,4,1,3} {2,4,3,1} {3,1,2,4} {3,1,4,2} {3,2,1,4} {3,2,4,1} {3,4,1,2} {3,4,2,1} {4,1,2,3} {4,1,3,2} {4,2,1,3} {4,2,3,1} {4,3,1,2} {4,3,2,1}

But if you had chosen “1233” then the thief would not know which number had been used twice, and would have more permutations to check:

• {1,2,3,3} {1,3,2,3} {1,3,3,2} {2,1,3,3} {2,3,1,3} {2,3,3,1} {3,1,2,3} {3,1,3,2} {3,2,1,3} {3,2,3,1} {3,3,1,2} {3,3,2,1}
• {1,2,2,3} {1,2,3,2} {1,3,2,2} {2,1,2,3} {2,1,3,2} {2,2,1,3} {2,2,3,1} {2,3,1,2} {2,3,2,1} {3,1,2,2} {3,2,1,2} {3,2,2,1}
• {1,1,2,3} {1,1,3,2} {1,2,1,3} {1,2,3,1} {1,3,1,2} {1,3,2,1} {2,1,1,3} {2,1,3,1} {2,3,1,1} {3,1,1,2} {3,1,2,1} {3,2,1,1}

By choosing a PIN with a repeating digit you have made it 50% harder for the thief. It is also possible that the thief might not realise that a digit had been repeated, and then have to guess at the fourth digit, which would make life much harder. If this idea is extended to a 5-digit PIN then the increase in difficulty becomes 100% – it is twice as difficult with a repeated digit as without one. For every digit added it becomes fifty percentage points more difficult.

# Why putting missiles on roofs in London isn’t as dumb as it sounds.

The UK government has recently announced that it will be placing Starstreak HVM surface-to-air missiles on some roofs in London as a security measure during the 2012 Olympics. This has caused a bit of a kerfuffle.

Below are some thoughts on the issue from a physicist’s point of view.

What are Starstreak missiles and how do they work?

The Starstreak is a short-range laser-guided surface-to-air missile. When launched it very quickly accelerates to Mach 3.5 (1200 metres per second) and is then guided onto its target by a pair of laser beams projected from its ground-based aiming unit. Being laser-guided means that unlike heat-seaking or radar-seeking missiles the Starstreak cannot be avoided through the use of chaff or flares; however unlike those missiles it does not have fire-and-forget capabilities.

The Starstreak Light Multiple Launcher showing three Starstreak missiles and the guidance unit.

Once the Starstreak approaches its target it releases three 900 gram tungsten-coated beam-riding submunitions. Once one of the submunitions (or all three) impacts the target a short delay fuse is activated and the 450g of explosive inside the submunition explodes inside the target, throwing out tungsten alloy shrapnel and tearing it to pieces.

What scenario is the deployment of Starstreak missiles designed to prevent?

My guess is that the government is trying to defend against suicide bombers using aircraft as weapons. A heavy aircraft moving at high speed has a large amount of kinetic energy and this, coupled with the chemical potential energy in the fuel, makes it a formidable weapon.* The Olympics will concentrate a large number of people in a small space which makes the Olympic sites attractive targets.

If a plane is shot down, won’t it kill people when the wreckage lands?

It depends on the size of the aircraft involved. A light aircraft at high altitude wouldn’t produce much dangerous wreckage, a low-flying jumbo jet would. But falling wreckage will kill far fewer people than an aeroplane striking one of the Olympic sites would.

The force of the missile’s explosion will tear any aircraft into pieces, and once the structural integrity of the aircraft is ruined the force of the wind will tear it into further smaller pieces. Each of those falling pieces will reach terminal velocity relatively quickly and will therefore strike the ground at a lower speed than if it were flown into the ground under power. The video that has been going around showing a helicopter shot down by a Starstreak missile crash into the ground in a fireball is of a guidance test – the missile in the video was not carrying an explosive payload.

What about burning jet fuel hitting the ground?

This is much less of a problem. An explosion inside an aircraft, combined with the high-speeds involved would aerosolise the fuel, causing it to burn up very quickly in mid air. Again, this is a much lower risk than if a plane full of jet fuel were to crash into one of the Olympic stadia.

Won’t the missile launches damage the buildings they’re launched from?

No. The Starstreak missile is ejected from its launch tube by a low power first stage rocket motor that is extinguished before the missile leaves the tube. The powerful second stage motor doesn’t kick in until the missile is safely away from the launcher, meaning that there is almost no recoil at all. The launch of a Starstreak missile produces no significant overpressure so there is no danger to windows or walls. The missiles have to be launched from roofs or open spaces because the rocket requires a certain amount of space to accelerate to attack velocity.

* It was the chemical energy in the tens of thousands of litres of fuel that were responsible for the collapse of the Twin Towers in the 9/11 attacks. Had the planes had no fuel aboard the Towers would have survived.

# Understanding the problem with RSA

Recent reports suggest that the very commonly used RSA encryption algorithm has significant security flaws. I couldn’t find a good explanation of the mathematical problem that causes these flaws online, but I think I’ve worked it out below.

The security of RSA keys rests on the difficulty of factorising the product (usually called n) of two large primes (usually called p and q). Multiplying p and q together is a very quick operation, but working out which p and q were multipled multiplied together to make a given n is very time consuming. If you don’t believe me, see how quickly you can multiply 3259 and 6553; and compare this with the time it takes you to work out which two prime numbers were multiplied together to make 60557843.

In cryptography, n is the public key and is made widely available, whereas p and q make up the private key and must be kept secret. Public keys are usually published to keyservers (here’s mine) and this means that they can be freely downloaded.

Researchers from the Ecole Polytechnique Fédérale de Lausanne in Switzerland downloaded 11.4 million RSA keys and discovered that a number of RSA public keys share a prime factor; that is, they have a different n with one overlapping p or q. This is problematic because finding the greatest common denominator of two numbers is a very quick process when compared with the time taken for prime factorisation.

If we take 60557843 (from above) and compare it with, for example, 15381367 we can very quickly find that they share 7741 as a factor, and with that piece of information we can find the other prime numbers very quickly.

This should not be a problem, because the prime numbers used in encryption are very large (usually hundreds or thousands of digits) and the chance of a “collision” is very small. But if the system used by the computer for generating prime numbers is not truly random then two computers using the same system are likely to produce the same prime numbers and these collisions become far more likely; the researchers found that about 0.38% (1 in 263) of keys were “faulty” in this way.

In conclusion, the problem exists not with the RSA algorithm itself but with the pseudo-random number generators used in RSA systems. Those generating encryption keys should ensure they use a hardware random number generator, one that uses a truly random process such as radioactive decay, to generate their random numbers.

# Hacking PIN pads using thermal vision

There is a mission in the first Splinter Cell computer game where you have to use your thermal vision to read a keypad code entered by a guard. Researchers from University of California San Diego have now shown that this is entirely possible.

Building on earlier work by Mike Zalewski the researchers have shown that codes can be easily discerned from quite a distance (at least seven metres away) and image-analysis software can automatically find the correct code in more than half of cases even one minute after the code has been entered. This figure rose to more than eighty percent if the thermal camera was used immediately after the code was entered.

K. Mowery, S. Meiklejohn, and S. Savage. 2011. “Heat of the Moment: Characterizing the Efficacy of Thermal-Camera Based Attacks”. Proceedings of WOOT 2011. (.PDF 9.53Mb).