Old 12-14-2005, 12:27 AM  
V_RocKs
Damn Right I Kiss Ass!
Quote:
Originally Posted by andi_germany
Sorry, but there is a lot of bull in this post and a lot of conclusions that actually are so wrong that they give you such a false sense of security.

1. Fact. Image verification is broken. ALL images have been proven to be broken by machines, so you are in false security. You get to keep the script kiddies out, but the serious crackers are in.

2. Fact. Brute force starts with dictionary attacks, as hardly anyone not forced to use capitals or numbers uses anything but a normal word, which renders your calculations kind of useless.

3. Fact. You actually assume a lot in your chance calculation but forgot to calculate that if you don't require people to use capitals or numbers, people simply use lowercase and even a dictionary word, for the same reasons you assumed they use a capital first letter.
Dictionary words bring you to about 1:100000 or even less, or at most 1:26^8.

4. Fact. You might actually break laws using captcha verification. In many countries there are accessibility laws for people that have disabilities. Granted, blind people won't watch porn, but some lawmaker might actually use this to fuck you because they cannot get you otherwise.
A lot of reaction... I will start with this guy.

1 - Your point in #1 is pointless. Give me an article, give me a white paper. Just because you say hackers are all-knowing doesn't mean shit. You say all images are broken... The only way to thwart image verification is to create signatures, similar to virus software. You create an image of what a set of numbers with lines running through them looks like; now you know what the number is. With SPARTA this is too tedious. The people hacking porn are working 40 hours a week or going to school or both. They don't have 2000 man-hours to do this. They have instead A.D.D... they couldn't keep their attention on the task of creating signatures for SPARTA no matter how much they would like to.

2 - Brute-forcing does start with a dictionary attack. What takes longer, smart guy: finding 8 characters in a dictionary with 62 possibilities per letter, or only having to find 6*62 because I know that the first character is always going to be a capital and the last is always going to be a number? I said always... I guess I should say 85% of the time. But with 85% of the 8,000-member passfile, who gives a flying fuck about the other 15%?

3 - I stated over and over that the best option is to make the password for the customer. If you allow them to make it, then the hacker doesn't need to look for trillions of passwords; he only needs to look for the 70,000 commonly used words, and then apply simple rul3s t0 f1nd 3v3n m0r3.

4 - You think I give a fuck about some arcane Israeli law saying I can't use Captcha? Why do I need to go to one of these countries anyway?

It seems like you just wanted to rant. I am offering sound advice and you sound like a sleazy defense lawyer trying to protect someone who got caught in the act of a crime and even confessed, offering an account of the crime that could only be known by the perpetrator...
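An added worked example, not from the original post or from either poster, that puts numbers on the search-space argument in points 2 and 3 above: the full 62^8 alphanumeric keyspace, the "capital first, digit last" structure, and a dictionary attack with leet-style mangling rules, next to a server-generated random password. The 26 * 62^6 * 10 model of the structured keyspace, the LEET substitution table, and the toy wordlist are my assumptions; the post only hints at "rul3s" and gives no rule set.

```python
"""Search-space arithmetic for the password argument: full 62^8 brute force,
the "capital first, digit last" structure, and a dictionary attack with
simple mangling rules. The wordlist is a constructed toy and the rule set is
an assumption, not anything from the original post."""
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols: a-z, A-Z, 0-9

# Assumed leet substitutions (the post only hints at "rul3s t0 f1nd 3v3n m0r3").
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def keyspace_full(length=8, alphabet_size=len(ALNUM)):
    """Every position free: alphabet_size ** length candidates."""
    return alphabet_size ** length


def keyspace_structured(length=8):
    """Assumed model of the post's heuristic: first char is one of 26 capitals,
    last char is one of 10 digits, the middle positions are free over 62."""
    return 26 * len(ALNUM) ** (length - 2) * 10


def entropy_bits(n_candidates):
    """Bits of work an attacker faces if every candidate is equally likely."""
    return math.log2(n_candidates)


def leet_variants(word):
    """Every combination of applying / not applying each LEET substitution."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    variants = set()
    for mask in range(1 << len(positions)):
        chars = list(word)
        for bit, pos in enumerate(positions):
            if (mask >> bit) & 1:
                chars[pos] = LEET[chars[pos]]
        variants.add("".join(chars))
    return variants


def mangle(word):
    """Candidates for one dictionary word: lowercase and Capitalised forms,
    each with all leet variants, each optionally followed by a single digit."""
    bases = {word.lower(), word.lower().capitalize()}
    leeted = set()
    for base in bases:
        leeted |= leet_variants(base)
    candidates = set(leeted)
    for cand in leeted:
        for digit in string.digits:
            candidates.add(cand + digit)
    return candidates


def dictionary_attack(target, wordlist):
    """Try every mangled candidate of every word; return (found, guesses_made).
    Candidates are tried in sorted order per word so the count is deterministic."""
    guesses = 0
    for word in wordlist:
        for cand in sorted(mangle(word)):
            guesses += 1
            if cand == target:
                return True, guesses
    return False, guesses


def candidate_total(wordlist):
    """Size of the mangled search space for a whole wordlist."""
    return sum(len(mangle(w)) for w in wordlist)


def generate_password(length=8, alphabet=ALNUM):
    """Server-chosen password, uniformly random over the alphabet (CSPRNG)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    words = ["hello", "password", "monkey", "dragon"]  # constructed toy wordlist
    full, structured = keyspace_full(), keyspace_structured()
    print(f"full 62^8 keyspace      : {full:>20,} ({entropy_bits(full):.1f} bits)")
    print(f"capital-first/digit-last: {structured:>20,} ({entropy_bits(structured):.1f} bits)")
    per_word = candidate_total(words) // len(words)
    print(f"mangled candidates per word ~{per_word}; 70,000 words ~{per_word * 70_000:,} guesses")
    found, n = dictionary_attack("P4ssw0rd1", words)
    print(f"'P4ssw0rd1' found={found} after {n} guesses")
    pw = generate_password()
    found, n = dictionary_attack(pw, words)
    print(f"random {pw!r} found={found} after {n} guesses; brute force needs up to {full:,}")
```

Run it and the ratio is the whole argument in one screen: a user-chosen word with a capital and a trailing digit falls inside a few hundred candidates per dictionary entry, while a server-issued 8-character random alphanumeric password sits in a keyspace around 2.2e14 with no dictionary shortcut. Note that the structured keyspace (capital first, digit last) only trims the full space by about 4 bits; the real collapse comes from the dictionary, which is the point both posters are circling.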