 |
|
|
|
 |
DJ RANN
Supreme tranceaddict
Registered: May 2001
Location: Hollywood....
|
|
|
| quote: | Originally posted by djnitride
Each additional digit adds another power to the potential number of combinations, past a certain point it doesn't matter if they rate limit brute force or not, it simply isn't feasible to crack the password.
For example, a 20 char alpha numeric password with capital letters would be 62^20 = 7.0442342554699802296833026461637e+35 possible combinations. Even if the attacker could run 1 million combinations a second, it would take 670113608777585638287985 days to crack if they had to check 50% of combinations before finding the password.
Yeah, I am sure some of them used extremely targeted and personalized social engineering techniques to get peoples pictures who had better security.
Here is one problem, there is no definitive defense against social engineering attacks besides restricting yourself to a very limited list of service providers. For example, gmail is extremely strict about providing account access if you lose your password. |
But that's the problem; 20 digit alpha numeric passwords aren't really realistic. I have to use one system for one of ht businesses that requires me (and 4 of my employees) to log in at least 20-40 times a day. Having to type 20 mixed fucking characters is an absolute ballache that many times a day so guess what? Everyone does the minimum (8 chars, 1 num, one spec char). That's really not that difficult to brute force in a couple of days.
Average password length is guess what? 8-9 characters (in fact the actual figure is 61% of the worlds population uses a password that is within one digit of the minimum required).
But again, this was only part of the breach in question - several of the people involved were phished, some it's now believed were straight up hacked with malware, and one or two others had their phones actually compromised/data copied/stolen.
Unless you're going to add two step verification (and still keylogging attacks do nothing against this) or algorithmic dongles, passwords are not going to get more secure.
I mean if the swampmeister was able to do it on a 486 fifteen years ago then imagine what's possible today.
Combine these attacks with just a tiny bit of social engineering, and basically anyone can get access to any normal password protection system.
Last edited by DJ RANN on Sep-10-2014 at 00:06
|
|
Sep-09-2014 23:40
|
|
|
 |
 |
Jon_Snow
Guest
Registered: Not Yet
Location:
|
|
|
Sep-10-2014 00:35
|
|
|
 |
 |
Lews
Platipus And Prog Addict

Registered: Feb 2007
Location: Hugging Whales And Saving Trees
|
|
|
Sep-10-2014 04:01
|
|
|
 |
 |
Jon_Snow
Guest
Registered: Not Yet
Location:
|
|
|
| quote: | Originally posted by Swamper
^ She's 21? I thought she was like 17. | She was 17... 4 years ago 
Never heard of her until the leak and started to feel bad for her then I read that article lol
|
|
Sep-10-2014 04:06
|
|
|
 |
 |
Silky Johnson
International Playa Hater

Registered: Nov 2003
Location:
|
|
|
Sep-10-2014 16:58
|
|
|
 |
 |
|  |
All times are GMT. The time now is 13:00.
Forum Rules:
You may not post new threads
You may not post replies
You may not edit your posts
|
HTML code is ON
vB code is ON
[IMG] code is ON
|
|
|
|
|
|
Contact Us - return to tranceaddict
Powered by: Trance Music & vBulletin Forums
Copyright ©2000-2026, Jelsoft Enterprises Ltd.
Privacy Statement / DMCA
|