I'm somewhat disturbed

Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
TPRJones
Posts: 13418
Joined: Fri May 21, 2004 2:05 pm
Location: Houston

Post by TPRJones »

I'm not too surprised. The key to RSA has always been the obscurity of the algorithm. It was only a matter of time before that got out, and once it has it's basically down to a password system based on the unique key ID tied to the account. The only way it could still provide added security is if the algorithm is mathematically intense enough to slow down the password hacks to the point to make them untenable, but then it would potentially make using RSA annoying for the companies that employ it.

It's not bad, and it's still another layer that slows hackers down, but it's not rock-solid like they claim.
"ATTENTION: Customers browsing porn must hold magazines with both hands at all times!"
Leisher
Site Admin
Posts: 70461
Joined: Thu May 20, 2004 9:17 pm

Post by Leisher »

Nothing is 100% secure.
"Happy slaves are the worst enemies of freedom." - Marie Von Ebner
"It was always the women, and above all the young ones, who were the most bigoted adherents of the Party, the swallowers of slogans, the amateur spies..." - Orwell
TheCatt
Site Admin
Posts: 57673
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

TPRJones wrote: I'm not too surprised. The key to RSA has always been the obscurity of the algorithm. It was only a matter of time before that got out, and once it has it's basically down to a password system based on the unique key ID tied to the account. The only way it could still provide added security is if the algorithm is mathematically intense enough to slow down the password hacks to the point to make them untenable, but then it would potentially make using RSA annoying for the companies that employ it.

It's not bad, and it's still another layer that slows hackers down, but it's not rock-solid like they claim.
The algorithm has been out for a while, it's the seeds that weren't. It's still two-factor authentication, since most people require some PIN with the RSA code (both of mine do), but it's certainly more vulnerable now.
It's not me, it's someone else.
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

The number theory behind RSA was never 100% provably secure but it's computationally infeasible to crack a properly done cryptosystem that uses the methodology. And they sort of cheated to get the info they swiped but, damn, that's a LOT of key chain thingies to replace every time the human factor fails like this.
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."