Quote:
Originally Posted by cem
What makes you 100% sure that your script is not brute-forceable?
Well, as far as actual brute force, that's simple math. You'd need millions
of proxies and hundreds of servers managing those millions of proxies.
Just do the math. Common sense tells us that no hacker has millions of
proxies at his disposal. Even if a single cracker controlled ALL Windows
Vista or Windows XP machines on the planet it wouldn't be enough.
Now some other attack besides brute force is another question, and one that
can't be simply answered with ten minutes of simple arithmetic. We wanted to
be sure that Strongbox couldn't be penetrated any other way, and that is
of course the reason we posted the $10,000 offer on all the big hacker boards
way back when. Some really bright hackers made some valiant efforts and
none succeeded, so I'm now pretty confident about Strongbox. That's not to
say it couldn't ever happen, but all of the big name hackers pretty much give
the same answer when asked how to get past Strongbox - they tried it, they
failed, so go find a Pennywize site with similar content. Of course at the time
I went all over the hacker boards with the offer I could actually AFFORD to pay
$10,000 to a smart bright hacker who pointed out a weakness.
It would be a
pretty big hit to take today. I'll still stick by it with these smartasses on GFY,
but I'm no longer going around taunting the top hackers with the offer. ;)
One hacker who asked that I not reveal his name DID find HALF of a possible
attack vector - not anything he could actually use, but something that would
get you half way there to getting past one of our security measures, then he
postulated that if he were able to complete that attack and also find some way
around another of our security measures, it would then become a brute force
type of situation. We of course patched that up real quick and that's been
taken care of for quite some time now.