The Official Forum  

Go Back   The Official Forum > Basketball
ArbiterPay Security Flaw ArbiterPay Security Flaw
Register FAQ Community Calendar Today's Posts Search

 
 
LinkBack Thread Tools Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #16 (permalink)  
Old Sat Jan 10, 2015, 05:16am
Official Forum Member
  
Join Date: Aug 1999
Location: In the offseason.
Posts: 12,263
Quote:
Originally Posted by johnny d View Post
I find the bolded, underlined part very hard to believe, especially if the process is repeatable such that each time you enter the same sequence of letters, numbers, and symbols, they get converted into the exact same sequence of new letters, numbers, and symbols over and over again. It would not take a human cryptographer years to break that system, let alone a computer. Even without the algorithm, if you have access to multiple passwords and what they are converted to, it would not take that long to determine the algorithm.
Well, it can possibly be done but you will not be alive to see it done.

The algorithms are published. Even having them and knowing which one was used (as long it is a decent one) really doesn't help much. The math to go backwards from the hashed output to the original input is just too hard for even the best computers to execute in any amount of time that matters.

The typical way cracking works is to use social engineering to guess at what the person might use as a password and try different things until you get it right. They might also just try all combinations of letter, numbers, symbols, etc. until they get the match.

The problem with that is that any decent system will detect repeat failed attempts and just lock the account. So, to have any chance, the hacker needs to obtain a copy of the database so they can run the tests outside of the system. Once the figure it out, they can then use it to break into the account(s).

The hashing algorithms are, however, sufficiently complicated that it just takes too long for it to work well, if at all, as long as you don't use abc123 as your password.

Some older hashing systems have been partially broken but it takes a lot of time with some really powerful computers (ones too expensive for all but big businesses or the government to afford) to get there.

Here is an article that talks about a common encryption technique and how long it would take to crack it:
http://www.eetimes.com/document.asp?doc_id=1279619

Here is a quote from the article:

Quote:
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.
Most breaches in passwords are due to them either being stored in plain text or simply encrypted but the thief finds the encryption key and is able to decrypt them. Hashes, on the other hand, don't have such a key. They are just not practically reversible to get the original password.
__________________
Owner/Developer of RefTown.com
Commissioner, Portland Basketball Officials Association
Last edited by Camron Rust; Sat Jan 10, 2015 at 05:19am.
Reply With Quote
 

Bookmarks

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flaw in rules? largeone59 Football 17 Sun Jan 15, 2006 09:28pm
Flaw in new loss of down rule! ljudge Football 12 Tue Sep 06, 2005 02:21pm


All times are GMT -5. The time now is 02:32pm.

The Official Forum - Archive - Top


Search Engine Friendly URLs by vBSEO 3.3.0 RC1