Delivery McGee posted:
On the other hand, if the government wants to log in to your banking website or SA account, it's fairly trivial to brute-force a 16-character password, given a big enough Beowulf cluster or supercomputer, especially since most people choose passwords that are easy to remember and thus easy to break. They don't have to break the encryption, they just have to break the password, and the list of passwords that hash to a certain value is relatively small, hence rainbow tables -- of course, their passwords are ideally also encrypted and may use a physical USB dongle with a rolling code ...

It is NOT fairly trivial to brute force a 16-character password (I assume we aren't talking about single DES or ROT-13 here!), and easy to remember does not necessarily equate to easy to break.
Jul 31, 2016 03:28

Delivery McGee posted:
It's trivial compared to a one-time pad, for the average person's stupid fuckin' password. Front-load the dictionary attack with the targets' kids' names and birthdates.

If by "trivial" you mean only 5 times the age of the universe instead of 1000 times, then I guess you're right. Have you even looked at AES keyspaces? And if you really care about my inspiration, it's using the distributed password attack system I have in my lab. I use biographic dictionaries all the time and if you think people really encrypt their data with their kids' names then you are sorely mistaken, at least in my law enforcement role. Maybe your run-of-the-mill computer janitor job sees a different usage pattern?
Aug 2, 2016 00:56