Page 1 of 1
Posted: Tue Jun 07, 2011 9:15 pm
by Malcolm
Posted: Tue Jun 07, 2011 11:20 pm
by TPRJones
I'm not too surprised. They key to RSA has always been the obscurity of the algorithm. It was only a matter of time before that got out, and once it has it's basically down to a password system based on the unique key ID tied to the account. The only way it could still provide added security is if the algorithm is mathematically intense enough to slow down the password hacks to the point to make them untenable, but then it would potentially make using RSA annoying for the companies that employ it.
It's not bad, and it's still another layer that slows hackers down, but it's not rock-solid like they claim.
Posted: Wed Jun 08, 2011 8:40 am
by Leisher
Nothing is 100% secure.
Posted: Wed Jun 08, 2011 9:47 am
by TheCatt
TPRJones wrote:I'm not too surprised. They key to RSA has always been the obscurity of the algorithm. It was only a matter of time before that got out, and once it has it's basically down to a password system based on the unique key ID tied to the account. The only way it could still provide added security is if the algorithm is mathematically intense enough to slow down the password hacks to the point to make them untenable, but then it would potentially make using RSA annoying for the companies that employ it.
It's not bad, and it's still another layer that slows hackers down, but it's not rock-solid like they claim.
The algorithm has been out for a while, it's the seeds that weren't. It's still two-factor authentication, since most people require some PIN with the RSA code (both of mine do), but it's certainly more vulnerable now.
Posted: Wed Jun 08, 2011 8:16 pm
by Malcolm
The number theory behind RSA was never 100% provably secure but it's computationally infeasible to crack a properly done cryptosystem that uses the methodology. And they sort of cheated to get the info they swiped but, damn, that's a LOT of key chain thingies to replace every time the human factor fails like this.