On 12/21/2011 6:12 PM, Ed Leafe wrote:
> That's a different issue than collision. With collision, you don't need
> to know the original password; instead, you have a one in N chance of a
> random string matching the password, where N is the total number of possible
> values. So I could write a program to loop until the random string it creates
> is accepted on your side because your algorithm generated the same number as
> the actual password. In this case, on average it would only take 64K tries
> before I got in, which, given today's processing power, might take a minute
> or two.

I guess that's why some websites will lock you out after 'n' (usually 3-5) failed attempts. Then you have to call/email them to unlock it.

-- 
Mike Babcock, MCP
MB Software Solutions, LLC
President, Chief Software Architect
http://mbsoftwaresolutions.com
http://fabmate.com
http://twitter.com/mbabcock16
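
The exchange above, as an added example that is not part of either message: a simulation of a verifier that stores only a 16-bit value, run once without a failure limit and once with a lockout after 5 failures. `weak_hash` (SHA-256 truncated to 16 bits) is an assumed stand-in for the unspecified algorithm in the thread, and `Account`, `random_guessing` and `p_accept_before_lockout` are hypothetical names.

```python
import hashlib
import random

HASH_BITS = 16          # assumption: "64K" in the thread implies a 16-bit value
N = 1 << HASH_BITS      # total number of possible hash values

def weak_hash(password):
    """Hypothetical stand-in: SHA-256 truncated to 16 bits."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest()[:2], "big")

class Account:
    """Stores only the 16-bit value; optionally locks after max_failures."""
    def __init__(self, password, max_failures=None):
        self.stored = weak_hash(password)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def login(self, candidate):
        if self.locked:                 # locked: reject even the real password
            return False
        if weak_hash(candidate) == self.stored:
            self.failures = 0
            return True
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.locked = True
        return False

def random_guessing(account, rng, limit):
    """Submit random strings; return (tries, accepted_string) or None."""
    for tries in range(1, limit + 1):
        guess = "%016x" % rng.getrandbits(64)
        if account.login(guess):
            return tries, guess
        if account.locked:
            return None
    return None

def p_accept_before_lockout(max_failures, n=N):
    """Chance that at least one of max_failures random strings collides."""
    return 1 - (1 - 1 / n) ** max_failures

if __name__ == "__main__":
    rng = random.Random(2011)           # constructed seed, repeatable run
    print("no lockout:", random_guessing(Account("s3cret-demo"), rng, 2_000_000))
    print("lockout=5 :", random_guessing(Account("s3cret-demo", 5), rng, 2_000_000))
    print("P(accept within 5 tries) = %.6f" % p_accept_before_lockout(5))
```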