Old 12-14-2005, 01:03 AM  
andi_germany
Confirmed User
 
Join Date: Oct 2002
Location: Germany
Posts: 768
Quote:
Originally Posted by V_RocKs
A lot of reaction.. I will start with this guy.

1 - Your point in #1 is pointless. Give me an article, give me a white paper. Just because you say hackers are all knowing doesn't mean shit. You say all images are broken... The only way to thwart image verification is to create signatures. Similar to virus software. You create an image of what a set of numbers with lines running through them look like, now you know what the number is. With SPARTA this is too tedious. The people hacking porn are working 40 hours a week or going to school or both. They don't have 2000 man hours to do this. They have instead A.D.D... they couldn't keep their attention on the task of creating signatures for SPARTA no matter how much they would like to.

2 - Bruteforcing does start with a dictionary attack. What takes longer smart-guy, finding 8 characters in a dictionary with 62 possibilities per letter or only having to find 6*62 because I know that the first character is always going to be a capital and the last is always going to be a number? I said always... I guess I should say 85% of the time. But with 85% of the 8,000 member passfile, who gives a flying fuck about the other 15%?

3 - I stated over and over that the best option is to make the password for the customer. If you allow them to make it then the hacker doesn't need to look for trillions of passwords, he only needs to look for the 70,000 commonly used words, and then apply simple rul3s t0 f1nd 3v3n m0r3.

4 - You think I give a fuck about some arcane Israeli law saying I can't use Captcha? Why do I need to go to one of these countries anyway?

It seems like you just wanted to rant. I am offering sound advice and you sound like a sleazy defense lawyer trying to protect someone who got caught in the act of a crime and even confessed offering an account of the crime that could only be known by the perpetrator...

1. OK, do a simple Google search for "captcha broken" and you get a trizillion articles.

2. You still don't get it. Your assumption is false. If you don't require a capital and/or number, the hacker has it in about 1000-40000 tries. Your count of 62 is based on 26 + 26 + 10, but the hacker doesn't need to find the secure password but a couple of insecure ones. Calculating means nothing here as he simply goes down his dictionary list. If you do require it, he has to modify the lists to cope with people replacing chars with capitals or numbers. He might still get it fast but not as fast as with no requirement.

3. This is correct but with your statement you just make my point on 2.

4. This is your personal choice. Just be aware if you visit the UK someday ;)
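A signup-time check for the pattern argued over in points 2 and 3 above, as an added example that is not part of either poster's message: it rejects passwords that collapse to a common word once capitals, trailing digits and character substitutions are undone, and issues site-generated passwords over the 62-symbol alphabet otherwise. The word list, substitution table and function names are constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample; a real deployment would load a large common-password list.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "football", "master"}

# Character substitutions undone before the lookup (constructed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

ALPHABET = string.ascii_letters + string.digits  # the 62 symbols counted in the thread


def reduced_forms(password):
    """Reduce a password to the base forms a mangled dictionary word collapses to."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols ("Dragon7" -> "dragon").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    return forms | {form.translate(LEET) for form in forms}


def weaknesses(password, min_length=8):
    """Return the reasons a signup form should reject this password (empty = accept)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if reduced_forms(password) & COMMON_WORDS:
        reasons.append("derived from a common word")
    return reasons


def generate_password(length=10):
    """Site-issued password: uniform over ALPHABET, re-drawn if it fails the check."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs plus one generated password.
    for sample in ["Dragon7", "P4ssw0rd1", "m0nk3y!!", "Letmein2005", generate_password()]:
        print(f"{sample!r}: {weaknesses(sample) or 'ok'}")
```
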