You want to access a particular smartphone which has a 4-digit numeric pin, entered by tapping the screen. One day you see the owner wipe the screen, unlock the device, and then get distracted and walk off. You rush over, grab the phone but alas it has auto-locked again. The screen is clean except for smudge marks over the place where the 7 and the 9 appear on the screen. What is the maximum number of PINs you must test to break into the phone (and what formula can be applied for x smudge marks)?
Background: I was reading a blog post about the new "picture sign-in technique for Windows 8" which is to replace passwords, and the author compares the ease of cracking picture sign-ins to the ease of cracking standard smartphone PINs by interpreting smudge-marks on the screen (in a worst-case scenario like that detailed above). He states that the hardest case is a PIN of 4 unique digits:
āA PIN will leave a smudge in a known location for each digit used in the code. If there are n digits in the PIN, and all digits are unique (the hardest to deduce case), there will be n! possible ways of ordering the PIN. For a typical 4-digit PIN, this is 24 different combinations.ā
I believe that he is incorrect; 4 unique digits is not the hardest to deduce case. I think that 3 smudges would allow 52 PINs (I've written this up in a blog post: A Shorter PIN Might Be More Secure against Smudge Attack). Then I started wondering whether 2 smudges would produce more or less permutations, but Iām not sure of what formula could be used and I refuse to count them manually on principal. Another interesting question would be the ideal amount of unique digits in the case of the PIN length being unknown to the attacker.