[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 580: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 636: sizeof(): Parameter must be an array or an object that implements Countable
3.14.by forum • Would this system be brute-force-uncrackable?
Page 1 of 1

Would this system be brute-force-uncrackable?

Posted: Sat Nov 20, 2010 4:46 pm
by P3ndldqny2
If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?

Re: Would this system be brute-force-uncrackable?

Posted: Sat Nov 20, 2010 5:15 pm
by Sc00bz
Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).

Re: Would this system be brute-force-uncrackable?

Posted: Sat Nov 20, 2010 5:22 pm
by P3ndldqny2
Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).
haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)

Re: Would this system be brute-force-uncrackable?

Posted: Mon Nov 22, 2010 3:54 pm
by LordMike
P3ndldqny2 wrote:
Sc00bz wrote:Are you talking about this?
http://en.wikipedia.org/wiki/SecurID

And no it is not uncrackable. Well something that has a 256 bit key I'd say is uncrackable (well depending on the algorithm such as a 256 bit RSA private key is crackable in like a hour on a new computer).
haha, yes thats what i was given at work yesterday!

My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?

(ignore stealing the key, masquerading etc)
I'd categorize that as security under obscurity... :P

Re: Would this system be brute-force-uncrackable?

Posted: Tue Nov 23, 2010 4:01 am
by Sc00bz
P3ndldqny2 wrote:My point is that if the required hash keeps changing, then brute forcing is only worth while if you can complete all the permutations in less time than the hash is changed?
Wrong. It's a probability game let's say you can only check 10% of the key space before it changes. You'll have to guess 65.92% of the key space to have a 50% chance of guessing correctly. There's is one thing I'm ignoring there are actually 3 keys that will work because the SecurID key chain could be running a little fast or slow.

Re: Would this system be brute-force-uncrackable?

Posted: Thu Nov 25, 2010 7:27 am
by BarsMonster
P3ndldqny2 wrote:If you had a target system where the password/hash required changed every minute, using an algorithm?

Unless the brute-force system could traverse every single combination of hashes within the period of which the target system rotates hashes, surely it would be uncrackable?
It is easily crackable using thermorectal cryptanalysis :crazy:

There is a book published on this method. Unfortunately, not yet translated to English.
Image