
Tourist's lucky guess cracks safe code on first try - jmkd
https://www.bbc.co.uk/news/world-us-canada-48477081
======
clumpthump
[https://www.cbc.ca/news/canada/edmonton/vermilion-alberta-
sa...](https://www.cbc.ca/news/canada/edmonton/vermilion-alberta-safe-busted-
lock-open-1.5159979)

The CBC article differs in two important aspects. The BBC article says they
"enlisted the help of experts", when the CBC article says they just called a
locksmith who gave them some combinations to try over the phone. The BBC
article makes it sound like some tourist just tried a random combination,
while in the CBC article, a machinist put his ear to the safe and listened for
clicks.

~~~
m463
I think they both tell a similar story. Someone on the tour (a machinist)
played with the safe and got it open.

The experts tried it at were at a different time in the past.

~~~
cl0ckt0wer
You can be an expert tourist.

~~~
m463
I imagine someone traveling wearing khakis with lots of pockets, pulling a
wheelie cart with a handle, breezing through airport security and opening
encountered locks in moments.

~~~
Fjolsvith
He is being followed by a guy in a pith helmet with a moustache and a big gun.

------
olalonde
If the combination does allow for wiggle room and the 1 in 8000 figure is
correct, the code could have been brute forced in a couple hours. Source: my
wife has a habit of forgetting the combination to her 3 digit luggage lock and
I had to brute force it a few times (it's surprisingly quick, about 15
minutes) :)

~~~
emilfihlman
The good thing about normal combination locks is that you can try all
combinations sequentially with minimum movement.

    
    
      000 start
      001 1 move
      002 1 move
      ...
      008 1 move
      009 1 move
      019 1 move
      018 1 move
      ...
      011 1 move
      010 1 move
      020 1 move
      021 1 move
      ...
    

and so on.

~~~
kozhevnikov
I feel like saving 1 move in 10 (9 to 10 is 2 moves, 10 to 11 is back to 1
move) is not worth the mental capacity required to remember current up/down
direction. Easier to let the muscles do the work and let your mind wonder.

~~~
emilfihlman
That's a good point, though I do think that it's not that big of a mental
hurdle. Consider knitting, for example.

------
pferde
A combination "20 - 40 - 60" on a dial that goes from 1 to 60... Sounds like
an equivalent of a factory-default admin/admin login credentials. I wonder if
it really was the default combination that the safe was bought with, and the
owners never bothered to change it. :)

~~~
jperry
>The museum had previously enlisted the help of experts to crack the code,
tried default combinations, and had contacted former hotel employees to see if
they could help.

It doesn't sound like it was the default, just a "password1" situation.

~~~
darkpuma
Or maybe they just hired shitty locksmiths. Shitty locksmiths are often easier
to find than real locksmiths.

------
air7
If the code was 20-40-60 and the "enlisted help of experts" failed to crack
it, then said experts are not really up to scratch.

~~~
prvc
>The odds of Mr Mills correctly guessing the combination are pretty long, says
the University of Toronto's Jeffrey Rosenthal, author of Knock on Wood: Luck,
Chance, and the Meaning of Everything.

>He calculated the chance of correctly guessing the combination on one try as
1 in 216,000. (His calculation assumed the safe numbers actually ran from one
to 60).

Glad they managed to find an expert with the calculating skill to clear up
that other enigma as well.

~~~
GCA10
Just to be cranky, shouldn't we eliminate all the permutations that use the
same number three times? (i.e. 11-11-11)? My knowledge of combination locks
doesn't extend much beyond goofing with Master locks in high school, but the
more rudimentary designs require that the middle number be different from
either of the two end ones. This doesn't sound like a super-advanced safe.

~~~
lostlogin
All the safes I have used have codes that get closer to ‘0’ with each
turn/direction change. This might be a low number when turning anti-clockwise
or a high one when turning clockwise. These weren’t sophisticated mechanisms,
so it might just be these models.

------
jnty
"The fact that the combination was in a specific pattern and did not appear to
be a random combination of numbers could also factor into a calculation of the
odds, he added."

Hehe. I guess he'll have to produce a list of non-random numbers to work those
odds out.

~~~
kingkawn
Randomness produces patterns all the time, and if we cut out the patterns that
appear, then we are selecting the pattern that we’ve labeled as ‘random.’

~~~
empath75
Humans are terrible at selecting truly random numbers so if the combination
was picked by a person, and people who were guessing were also people, then I
would say that the odds are significantly better that the safe would be
cracked than what you would expect from calculating the permutations.

------
khendron
Reminds me of the time I was playing a computer game, and right at the
beginning you are presented with a door 5-digit combination lock. The
objective of the game was to explore the game world and eventually discover
all 5 digits of the code.

First time I played the game I just randomly entered 5 digits, and the door
unlocked.

~~~
ThePadawan
We have gotten to that point that so many new games are making references to
"0451" being the first door code in old video games (System Shock, Deus Ex),
you can pretty reliably use it as a first guess [0].

[0]
[https://www.ttlg.com/forums/showthread.php?t=147925](https://www.ttlg.com/forums/showthread.php?t=147925)

~~~
fivefive55
I remember my uncle playing my copy of Bioshock way back when, he walked up to
a random door and typed in 0451 and it opened. My mind was blown.

------
gruez
>The museum had previously enlisted the help of experts to crack the code

since they have (essentially) infinite time, why couldn't they attach a
machine that tries all possible combinations? feels like something that
someone from the high school robotics club could come up with.

~~~
sricks3
The article states that the museum is in a town of a little over 4,000 people.
My guess is there was simply never the right combination of interest,
knowledge, and resources available.

~~~
tantalor
> the right combination

ISWYDT

------
ElFitz
This reminds me of Feynman

[http://www.openculture.com/2013/04/learn_how_richard_feynman...](http://www.openculture.com/2013/04/learn_how_richard_feynman_cracked_the_safes_with_atomic_secrets_at_los_alamos.html)

------
jimmcslim
1 in 216000... seems like you could build some robotic device to brute force
that pretty easily... or you know, introduce it to a thermic lance.

EDIT: sorry, my research suggests that safe-cracking with thermic lances is
plausible but not practical (source; Mythbusters, of course)

~~~
spyder
or maybe with a handheld x-ray like this:

[https://www.youtube.com/watch?v=ovqJpcaWD7o](https://www.youtube.com/watch?v=ovqJpcaWD7o)

but not with every safe:

"Some modern safe locks are made of lightweight materials such as nylon to
inhibit this technique, since most safe exteriors are made of much denser
metals"

[https://en.wikipedia.org/wiki/Safe-
cracking#Radiological_met...](https://en.wikipedia.org/wiki/Safe-
cracking#Radiological_methods)

~~~
SuperGent
Not that this was a modern safe (Thought to be bought in 1907)

------
mikepalmer
Everyone is so amazed that he opened the safe “on the first try” but the
article also says, “Like the Mills family, other museum visitors played around
with trying to open it, with no success.“ Moreover the museum had had the safe
since the mid 90s, at least 20 years... sounds like lots of tries by
tourists... is it really so surprising that someone eventually opened it?
Probably people don’t sit there all day, they try once or twice then let the
next person have a go... so maybe 50% chance that the person that opened it
would get it on their “first try”. (If not the article would have said “almost
immediately” which would be nearly as newsworthy.) Sounds like the multiple
comparisons fallacy.

More-moreover, not unlikely there are multiple safes in public places like
this in the world (I have seen at least one before in an antique shop that
people would try like this) but this is the one that got opened and therefore
written up in the news... sounds like survivorship bias.

------
hnzix
_> Typical combination lock_

Now hands up everyone who's TSA luggage lock combination is 9-1-1. Social
engineering is the most interesting cracking to me.

~~~
brewdad
I prefer 666 as a subtle reminder to the thief that they are being naughty.

------
chansiky
During high school, I played a lot of morrowind and thought it was cool to
learn how to pick locks. I had already known how to break combination locks,
and I already taught myself to open traditional pin and tumbler locks. I saw a
number lock with 4 digits and I couldn't help myself. Considering they were
just numbers I thought to myself, this is a guaranteed crack. So every day
before and after class, I would take a minute to mechanically go through about
50 numbers. Testing numbers is surprisingly quick.

It only took me like 3-4 weeks of testing a few numbers before and after class
and I had it open.

The loot? A pair of used gym socks, shoes, and one of those math homework
books you write in.

------
thetrainfold
"he noted that some combination locks allow for wiggle-room and if this one
had a three-digit leeway, Mr Rosenthal put the chances at 1 in 8,000, "which
is still a small chance"."

If this is the case, and there have been museum visitors having a go at
opening the safe each day... this becomes a non story, right?

~~~
bArray
Humans are terrible at picking random numbers, it's quite likely many people
tried the same thing (more or less).

~~~
jopsen
But if the code was set by humans, it just makes finding it even more
likely...

~~~
bArray
Only if somebody uses a human generated number (as done in this case). If it's
genuinely random then it could take humans quite a while.

------
emiliobumachar
Alternative headline: after experts fail, museum successfully crowdsources
brute force attack on safe, over decades.

With all due respect to Mr. Mills, in this context he's a pawn in someone
else's master plan.

------
mettamage
What are the chances someone will crack any safe and that it will be a news
worthy item?

Sounds like the newest hippest curve ball question on an interview :D

~~~
nickthemagicman
The chances of getting to correct number + (the number of news reporters per
square mile in the town/total population per square mile)

------
superasn
The code was 20-40-60 is like somebody setting their account password as
"password123" to me

------
benj111
Its interesting that this is interesting.

People win the lottery all the time, they aren't newsworthy in the 'lucky
guess' sense.

On the other hand whenever someone gets out a pack of cards I always try and
guess the top card. Eventually I'll get it right.

------
RickJWagner
Reminds me of the famous 'Luggage Combination' scene from SpaceBalls.

[https://www.youtube.com/watch?v=_JNGI1dI-e8](https://www.youtube.com/watch?v=_JNGI1dI-e8)

------
monkeycantype
I thought the bbc had mis-lablled a photo of Gennady Korotkevich.
([https://en.wikipedia.org/wiki/Gennady_Korotkevich](https://en.wikipedia.org/wiki/Gennady_Korotkevich))

~~~
monkeycantype
Gennady Korotkevich is a competitive coder who go's by the handle _tourist, so
I read this headline as about him cracking a safe

------
hajhatten
> "They have no value really, but they are of great interest to us. It gives
> us a little bit of idea of what the places were like in 1977, '78," said Mr
> Kibblewhite.

This must be the most American thing ever. 40 year old stuff treated like
they're ancient.

~~~
hudibras
>This must be the most American thing ever.

Guys, who's going to be the one to tell him?

~~~
refurb
I’m sure the Canadians will be here shortly to correct him.

~~~
ape4
The sentence right before is: The pad included receipts for a mushroom burger
for C$1.50 ($1.12; £0.59) and a package of cigarettes for C$1.00.

