Google Made Android 7 Encryption Passwords Easier To Brute-Force

Status
Not open for further replies.

tom10167

Reputable
Apr 9, 2014
119
0
4,680
0
The apple thing is wildly overblown, going from ten million years to 1 million years is still in the unbreakable range. Knowing the exact parameters like in androids issue is a crippling blow.
 

nutjob2

Reputable
Aug 31, 2015
41
0
4,540
2
Having restrictive rules for passwords like maximum length is idiotic, making them machine readable is beyond idiotic.
 

none12345

Honorable
Apr 27, 2013
427
0
10,780
0
Hrm at first i was like wtf, they are storing the signature of your password.

But, i dont think thats what this is, it looks more like a 4 didget pin number rule for something. Just going by the file name, taht would suggest its a ruleset for seomthing, not a user signature. And if thats the case, then everyone already knew it was a numerica 4 didget pin number.

If it is a signature of your password tho, thats quite bad.
 

tigerwild

Distinguished
Nov 6, 2009
59
0
18,640
1
None12345, I think you missed the point. Sure a signature would allow anyone to use a rainbow table to immediately look up your password, but the real issue is THERE IS NO REASON to ever store the fundamental structure of the password or its hash value in an unencrypted mannor. Doing so shows that someone has intentionally left it there to make brute forcing the password orders of magnitude easier and thus faster.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS