Another interesting kind of lock I've seen are some masterlocks that give you a "joystick" of sorts and you make passwords by moving them in the for cardinal directs, for example your password might be up up down down left right left right. What's interesting is that A) you can set your own password and B) they claim no upper bound on the length of your password!
My first thought was "impossible!" and I tried to disprove it. I set it to a long password and tried to unlock it by, say, doing all but the last stroke assuming it was just dropping the strokes after a point. No luck. Same for dropping the first stroke. Etc. But sure this mechanical system has a small finite number of possible sufficiently distinct states and so would only be able to use small password lengths?
Of course! But it's apparently being much smarter about it than I had anticipated: sure, my long password can (presumably) be opened by a shorter password. But that shorter password is apparently unrelated to the long one. They must be taking a mechanical hash of the password!
Have you tried transposition of motions in a short combination? In particular, have you tried swapping the first direction with every direction in the short combination? Have you tried a combination consisting entirely of the same direction, and shortening or lengthening that?
Because one possible (bad) implementation would be an MxN grid with a specific point as the unlock coordinate. A slightly less bad implementation that doesn't permit trivial transpositions would be such a grid plus a long internal pad that modifies the direction (realdir[i] = userdir[i] + lockspecificdata[i%LEN]%4).
Unfortunately I don't still have the lock to try that. I was also looking around and found this video: https://www.youtube.com/watch?v=aPKVMTGqTQo which is quite illustrative of its internals as well as this patent https://encrypted.google.com/patents/US6718803 which seems to be for it. And it looks like you're right! The "hash" appears to just be the pair (x,y) where x is the net motion right and y is the net motion down. This is pretty worrisomely bad! In particular the example password I gave at the start would be equivalent to having no password at all!
If I were to try to make this more secure, my first guess would be to have a varying number of pins on each of the four wheels, particularly having the top/bottom and left/right pairs being coprime to each other. Then there'd be a much larger number of possible positions, though I'm not sure if this would make it hard to configure the password.
(And actually, the pair (x,y) is taken mod 5 (I think), just to make it worse.)
My first thought was "impossible!" and I tried to disprove it. I set it to a long password and tried to unlock it by, say, doing all but the last stroke assuming it was just dropping the strokes after a point. No luck. Same for dropping the first stroke. Etc. But sure this mechanical system has a small finite number of possible sufficiently distinct states and so would only be able to use small password lengths?
Of course! But it's apparently being much smarter about it than I had anticipated: sure, my long password can (presumably) be opened by a shorter password. But that shorter password is apparently unrelated to the long one. They must be taking a mechanical hash of the password!
Here's the lock: http://www.masterlock.com/personal-use/product/1500iD But I wouldn't recommend buying one. They were too bulky and got stuck in the locker at my gym and had to be cut off.