An observation about 4 digit PIN's. They're even weaker than you might think just from "doing the math" at least in some cases. Sure, there's 10000 combinations to search through if you're trying to brute force one, but I'd bet money that in most cases you don't need to search anywhere near that many.
Case in point: I had a unit at a mini-storage place once. And you needed a 4 digit PIN to get through the gate. And I forgot the PIN I used. I was sitting at the gate for a minute, staring at the keypad and realized "wait... hundreds of people have PINs in this system and the system doesn't care which one you use". So I just needed a PIN that somebody used. So I started with years that would have been reasonable birth years for an average adult at that time and starting going up. I think it took about 6 tries to find a valid PIN.
Now granted, this is different than trying to brute force a specific person's PIN. But even then, I expect that in many cases an informed search will crack it a lot faster than a purely sequential search or a random search. Using common birth years, well known numbers like "5150", "1234", "4321", etc. is probably going to work a lot of times.
The lock on your front door is more secure than the lock on your bedroom door. This tradeoff is for convenience, of course.
A entrance to a mini-storage place is probably OK to be weak. Presumably, you are required to have a proper lock on your own unit. Likewise, the PIN is generally the 2nd factor (along with "something you have") for important things. I'm OK with the convenience of having only a 4 digit PIN on my ATM card since I can reasonably protect & deactivate the card. If someone forces me to enter my pin under duress, it doesn't really matter how many digits it is.
> A entrance to a mini-storage place is probably OK to be weak. Presumably, you are required to have a proper lock on your own unit.
You'd like the entrance to be strong, because access to the entrance grants you secluded access to all the units, and angle grinders beat locks in seconds, proper locks in just a few more seconds.
Of course, cars beat entrance gates pretty easily too.
If it's ok to be so weak that it's trivial to enter like this, why have the lock at all? The cynical (and probably accurate) answer is that it's security theater designed to give customers warm fuzzy feelings cheaply and with low risk of lockout calls and maintainance issues. It does basically nothing to keep someone from taking your stuff.
It's weak, but I don't know if trivial is the right word. Like a bedroom lock, it does what it needs to do. First, the lock is probably there to make it easier for one remote security guy to monitor many locations after hours. They can be alerted when a door opens, has been ajar for a while and along with a camera, see what's going on. Other than that, you also want a lock to help keep the door closed to help keep climate control working efficiently, keep animals out, etc. Like I had been alluding to, when you rent a unit, you're told that you are responsible for locking your own unit with a specific, harder, lock, like a front door lock. If an attacker can get by this lock, entrance to the premises would have been possible as well.
On that note, I don't think the absence of a super strong lock on the front door of a storage place invites criminals. I live near open air storage facilities where anyone can just walk up to the units, like they're walking by cars on the street or in a parking lot. Thefts from storage units are just not big enough of an issue to require additional measures.
Probably worth noting that using another PIN like that to enter a storage facility is almost certainly a breach of terms of use. Such that, if you did anything in there that is not ok with everyone, they have easy legal recourse against you.
My mini storage place issued me a code that was just the number of my box and the year I was born. Knowing this, I could probably brute force someone else’s code in 30 seconds.
I'm sure they have cameras that could trace things back to you.
In my mother tongue there's a saying that that roughly translates to "The lock on the door isn't there to keep you out. It's there to communicate that you're not wanted there."
But this is coming from a culture that's rather communal where shared property is often the default.
This reminds me of when I was in HS. There was a auto car wash that would print a number on a receipt for one to enter and get a carwash with. One day for whatever reason I just punched in 12 random numbers and it worked. And thats how I got free car washes all through high school...
> in most cases you don't need to search anywhere near that many
If the pin is chosen randomly with a uniform distribution over the 0000 to 9999 range, then the average brute force search will probe 5000.5 combinations.
And even if the number is randomly generated, many devices accept any string of digits that end with the correct four digits. Pressing "12345" actually tests both codes "1234" and "2345".
I'm sure there's an optimal sequence of keypresses that tests all 10000 codes in something like 30,000 keypresses rather than the naive 40,000.
Also true of those old "lockbox" key lockers that real estate agents use to "protect" the keys to your house.
This made me uncomfortable when I was selling a house, so naturally I wrote some code to generate a string of digits that would cover the full solution space most efficiently.
Armed with this "master key", I had the lockbox open in negligible time. Honestly I think it was just a few minutes, and I was about halfway through the string.
This let me put the key out only when a showing was happening, and I brought the lockbox to the closing, which baffled the real estate agent.
To be fair that was decades ago. The mini-storage place I use now asks for your unit # AND your PIN. So it would be a lot harder to guess like described above.
Yes! Back in the 1980s when long distance telephone was a thing, I used to dial (301) 737-2051 followed by a 5 digit pin to get access to a service that the let me enter a long distance call. It only took about 20-30 manual attempts for me to guess a valid 5 digit PIN! I'd just increment my guesses by 1 each time.
It's apparently the California law section number for restraining a mentally unwell person or something, so has law enforcement and slang usage, and there's a 1986 chart-topping song named after it. (I'd never heard of it either, but I'm not Californian.)
I had the same question. It is the title of a Van Halen record album, also a section of the California legal code related to mental health, according to a simple search.
And Eddie’s amp model, the Peavey 5150. It’s become the de-facto standard for the more extreme metal bands.
When Eddie took the rights with him to Fender and they made the EVH 5150 (another fantastic amp), Peavey renamed this line to the 6505 series, so there you have another four-digit code to use.
Well the 5150 was Eddie’s Studio Postal Code, but if we are going down this road :-) I would like to point out at some point in time they run out of Sylvania 6L6 Power Tubes... then Peavey started with Chinese Ruby 6L6 Power Tubes for the EVH5150 and they dont sound the same...
Its the famous law for involuntary mental lockup in California, then referenced a lot in pop culture, probably most notably with a Van Halen album named after it. Its used in a lot of jokes, but also oppressively. I think we've seen some divorce court releases and such on how to "5150 my wife," how cops abuse it, etc.
The biggest job of the front entrance gate at a mini-storage business is to keep random people from loitering in the area, so the cameras(/hypothetical people watching the feeds) have an easier time witnessing a break-in.
Case in point: I had a unit at a mini-storage place once. And you needed a 4 digit PIN to get through the gate. And I forgot the PIN I used. I was sitting at the gate for a minute, staring at the keypad and realized "wait... hundreds of people have PINs in this system and the system doesn't care which one you use". So I just needed a PIN that somebody used. So I started with years that would have been reasonable birth years for an average adult at that time and starting going up. I think it took about 6 tries to find a valid PIN.
Now granted, this is different than trying to brute force a specific person's PIN. But even then, I expect that in many cases an informed search will crack it a lot faster than a purely sequential search or a random search. Using common birth years, well known numbers like "5150", "1234", "4321", etc. is probably going to work a lot of times.