The Safe as a Web Server

Safes. They are big, heavy, and make us feel, well, "safe" about our valuables stored inside.

Historically, safes were controlled by a series of complex gears that only the correct series, or "combination", of dials would open. I loved the illustrations for gears and other mechanical devices in David Macaulay's "New Way Things Work".

Digital safes, whether the professional variety of the home variety, were created largely for convenience. They are faster to open, easier to share (and change) codes, and required less physical space for all of the gears.

While mechanical safes always had shortcomings, primarily the difficulty in changing the combination in case a trusted person no longer can be trusted, it was always believed that "serious" safes would be mechanical. After all, digital is subject to simpler codes, mistakes, and electronic eavesdropping. To be honest, mechanical just "feels more solid."

In the end, however, mechanical safes depend on the key limitation of humans: the retry factor. A human being can try only so many combinations in a minute. Even more, when one does not work, the safecracker never can be sure if s/he really did dial 25 left, or maybe slipped and did 26 left. Assuming a decent safe with 100 numbers on the dial and 3 steps to the code, and that it takes a person a very optimistic 30 seconds to try each code and reset, it would take 1MM tries or 500k minutes to try all of the codes. It is highly unlikely that a burglar has even one percent of the 347 days required to try all of the combinations!

Sadly, but inevitably, this is no longer a limitation.

A simple, $150 device, created of some gears, sensors and a stepper motor, can try all of the combinations, much faster and with greater reliability than any human. Assuming they are working with a similar safe to the one above, their estimate of four days to crack a safe is a nearly five orders of magnitude improvement. Simpler safes will take far less time.

At heart, though, this is just another example of many security systems that depend upon the time to perform it. Inevitably, all such mechanisms become victims of automation and improvements in computing speed. As Apple learned to its dismay during the iCloud leaked pictures scandal, the only way to stop that kind of brute force attack is to limit the number of retries, whether in total or per unit of time. Put in other terms, a secure system must be capable of recognizing when it is legitimately being opened, even with some normal mistakes, versus when it is being cracked. And "intelligent system" implies digital.

A truly safe safe (pun intended) is one that knows itself when it is safe, and when it is not. The only kind of safe that can do that is one that also:

  • Can have its combination, or "secret key" changed on demand
  • Can upgrade its strength, or "encryption technology", on demand

In other words, a truly safe safe is a digital safe.

The truly safest safe will not be one that uses a key code or PIN, but one that uses a smart card or computer as a key, actually some form of digital certificate, that authenticates against the safe just as a certificate can authenticate against a Web server.

Mechanical safes, like mechanical clocks, are a thing of beauty... but inevitably they will become items of beauty, not of safety.