- So my cube-key will look to anybody else as a regular scrambled cube. If my kid finds it and solves it, I'm kind of doomed, right? So what's the plan, I'm supposed to remember the state of the cube?
A admit I'm dumb and lazy - I didn't read the paper, maybe it's covered there - but this sounds quite vulnerable to dictionary attacks, like those phone unlock paass where everybody puts a Z, the cube-keys will mostly be "Solved with red/yellow middles swapped"
- Cool demo, but this is only log2(43 quintillions) = 65 bit security.
Kind of related is DiceKeys, with 192 bit security: https://www.crowdsupply.com/dicekeys/dicekeys
- This is a great example of the "I wonder if I could"-kind of research. It doesn't have to be practical. I doubt the authors intend it as a viable security product. It is the kind of "just playing around" thinking that can sometimes lead to brilliant insights. Keep up the good work.
- If you add orientation arrows to the center squares, you can add a couple of bits to the strength.
There are multiple ways to solve the cube, if orientation of the center pieces is made visible and significant.
- Awesome! https://news.ycombinator.com/item?id=44768459
Couldn't you "just" use a webcam to scan any particular cube? Seems like you could "easily" detect when you've seen all 6 unique faces and there should be libraries around that will read cubes.
by charcircuit
0 subcomment
- We've already established that pattern based passcodes are terrible for security. I expect this to be worse than patterns because people can not easily remember or know how to fix mistakes which will result in most people picking simple ones.
- Why leave the paper out of the git repo?
If you are the author could you link to a copy of the paper?
Hacker News