Would this system be brute-force-uncrackable?

P3ndldqny2 · Post by **P3ndldqny2** » Sat Nov 20, 2010 4:46 pm

If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?

Sc00bz · Post by **Sc00bz** » Sat Nov 20, 2010 5:15 pm

Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).

P3ndldqny2 · Post by **P3ndldqny2** » Sat Nov 20, 2010 5:22 pm

Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).

haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)

LordMike · Post by **LordMike** » Mon Nov 22, 2010 3:54 pm

P3ndldqny2 wrote:
Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).
haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)

I'd categorize that as security under obscurity...

Sc00bz · Post by **Sc00bz** » Tue Nov 23, 2010 4:01 am

P3ndldqny2 wrote:My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

Wrong. It's a probability game let's say you can only check 10% of the key space before it changes. You'll have to guess 65.92% of the key space to have a 50% chance of guessing correctly. There's is one thing I'm ignoring there are actually 3 keys that will work because the SecurID key chain could be running a little fast or slow.

Post by **BarsMonster** » Thu Nov 25, 2010 7:27 am

P3ndldqny2 wrote:If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?

It is easily crackable using thermorectal cryptanalysis

There is a book published on this method. Unfortunately, not yet translated to English.

3.14.by forum

Would this system be brute-force-uncrackable?

Would this system be brute-force-uncrackable?

Re: Would this system be brute-force-uncrackable?

Re: Would this system be brute-force-uncrackable?

Re: Would this system be brute-force-uncrackable?

Re: Would this system be brute-force-uncrackable?

Re: Would this system be brute-force-uncrackable?

Who is online