Would this system be brute-force-uncrackable?

Moderator: BarsMonster

Post Reply [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
P3ndldqny2
Posts: 16
Joined: Fri Nov 05, 2010 2:29 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Would this system be brute-force-uncrackable?

Post by P3ndldqny2 » Sat Nov 20, 2010 4:46 pm

If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am
Contact:

Re: Would this system be brute-force-uncrackable?

Post by Sc00bz » Sat Nov 20, 2010 5:15 pm

Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).

P3ndldqny2
Posts: 16
Joined: Fri Nov 05, 2010 2:29 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Would this system be brute-force-uncrackable?

Post by P3ndldqny2 » Sat Nov 20, 2010 5:22 pm

Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).
haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)

User avatar
LordMike
Posts: 184
Joined: Tue Feb 10, 2009 8:34 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Would this system be brute-force-uncrackable?

Post by LordMike » Mon Nov 22, 2010 3:54 pm

P3ndldqny2 wrote:
Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).
haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)
I'd categorize that as security under obscurity... :P

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am
Contact:

Re: Would this system be brute-force-uncrackable?

Post by Sc00bz » Tue Nov 23, 2010 4:01 am

P3ndldqny2 wrote:My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?
Wrong. It's a probability game let's say you can only check 10% of the key space before it changes. You'll have to guess 65.92% of the key space to have a 50% chance of guessing correctly. There's is one thing I'm ignoring there are actually 3 keys that will work because the SecurID key chain could be running a little fast or slow.

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Would this system be brute-force-uncrackable?

Post by BarsMonster » Thu Nov 25, 2010 7:27 am

P3ndldqny2 wrote:If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?
It is easily crackable using thermorectal cryptanalysis :crazy:

There is a book published on this method. Unfortunately, not yet translated to English.
Image

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest