[Itnews]Australia's encryption-busting bill also after PINs, passwords - Page 2 - Overclock.net - An Overclocking Community

post #11 of 17 (permalink) Old 10-21-2018, 09:32 PM
Old to Overclock.net
 
xJumper's Avatar
 
Join Date: Jan 2008
Posts: 1,917
Rep: 104 (Unique: 93)
Quote: Originally Posted by Chakravant View Post
How can they be brute forced? A: They have # of use timeouts, just like any other method. B: They use an inconsistent number of inputs. This isn't like some 4 or 6 digit pin. The person trying to crack the code doesn't even know how many units to input. Is it 4 taps? Is it 12? You don't know.

Phone insecurities come into play when the passkey is a known set of variables. A PIN key with 4 digits will always have 4 digits. Your face is your face. You have a finite set of fingers. Savvy phone makers are eliminating these kinds of known knowns. That practically guarantees a more secure system.
You must not be up to speed at all on how Govt/LEO/Five eyes have been busting encryption.

Quote: Originally Posted by Chakravant View Post
How can they be brute forced? A: They have # of use timeouts
When your phone is seized, they hook it up to one of those exploit machines I mentioned and dump the contents and/or call up Samsung or whoever, get the keys for the locked bootloader (if they don't already have some exploit to unlock it which they likely do), flash a custom OS (a custom made Android OS for data forensics) that's purpose built to just dump the encrypted partition out or bypass any timeouts or what have you. In either scenario now they can try as many attempts as they want on your encrypted data.

We're at the point in time where just run of the mill hackers in their basement make rigs guys here would be envious of, quad SLI GPU desktops and use them to brute force passwords. A simple setup like that can do something like 300 million combinations per second and that's just what guys using off the shelf stuff you or I could buy can do. The government can and likely has access to way more powerful gear.

I don't know much about the new features phones are using to replace passwords but I can guarantee some connect the 9 dots in a certain order/some tap based authentication you mentioned has wayyyy less possibilities mathematically than even some of the simplest passwords. At this point in time a home GPU setup like the one I described can brute force every single combination in an 8 character password in roughly half an hour and I'd bet that an 8 character has way more mathematical possibilities than some 4x4 grid of dots to connect. Anything except an actual password is almost useless for securing any kind of encryption, the encryption is only as strong as the password and any kind of password anyone would actually use on a phone is likely not long/complex enough to withstand brute force attacks.

xJumper is offline  
post #12 of 17 (permalink) Old 10-22-2018, 02:57 AM
Fantastic Mr Fox
 
randomizer's Avatar
 
Join Date: Apr 2009
Posts: 5,783
Rep: 174 (Unique: 119)
Some ROMs allow you to use larger grids than the standard 3x3, but because they all have the limitation that no node can be reused there are far fewer possible combinations than there otherwise could be.

randomizer is offline  
post #13 of 17 (permalink) Old 10-22-2018, 12:46 PM
Robotic Chemist
 
Asmodian's Avatar
 
Join Date: Aug 2009
Location: San Jose, California
Posts: 2,382
Rep: 176 (Unique: 116)
Even a 5x5 (i.e. 25 characters) is pretty laughable if you cannot reuse any symbol and you have a GPU brute forcing full speed. If you want to protect against dedicated hacking attempts who have access to your physical hardware you need to be pretty hardcore about passwords. I like Diceware for human remember-able (at least somewhat) anti-nation state level encryption keys. A PIN or anything similar is not going to cut it, we need 16+ symbols if there are only ~35 and you can reuse them.

However, this only helps if the encryption was not already compromised. If this law actually took effect I would expect black market hacking groups to have at least one back door inside a year. I say make encryption illegal instead, if you think people shouldn't be able to hide anything from the government. Fake encryption simply fools people into bad behavior because of the illusion it is secure.
Asmodian is offline  
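Added example, not part of any post in this thread: posts #11 to #13 compare pattern locks, PINs and passwords by how many values an offline guesser has to try, so this Python sketch counts the standard 3x3 pattern space exactly (no node reused, no jumping over an unused node) and sets it beside the other secrets mentioned. The 300 million guesses per second rate is the figure quoted in post #11, the 6-word Diceware length is an assumed value, and the bit counts assume the secret is chosen uniformly at random.

```python
from math import log2

RATE = 300_000_000  # guesses/second: the figure quoted in the thread, not a measurement

def midpoint(a, b):
    """Node lying exactly between nodes a and b on the 3x3 grid, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return (ra + rb) // 2 * 3 + (ca + cb) // 2

def count_patterns(min_len=4, max_len=9):
    """Count valid 3x3 unlock patterns (no node reused, no jumping over
    an unvisited node) by depth-first search. `visited` is a bitmask."""
    def extend(last, visited, length):
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(9):
            if visited >> nxt & 1:
                continue
            mid = midpoint(last, nxt)
            if mid is not None and not visited >> mid & 1:
                continue  # would skip over a node that is still unused
            total += extend(nxt, visited | 1 << nxt, length + 1)
        return total
    return sum(extend(s, 1 << s, 1) for s in range(9))

def keyspaces():
    """Secret type -> number of possible values (sizes are exact)."""
    return {
        "4-digit PIN": 10**4,
        "6-digit PIN": 10**6,
        "3x3 pattern, 4-9 nodes": count_patterns(),
        "8 lowercase letters": 26**8,
        "8 printable ASCII": 95**8,
        "16 symbols from 35": 35**16,
        "6-word Diceware (7776-word list)": 7776**6,  # 6 words is an assumed length
    }

def report():
    """Rows of (name, entropy in bits, seconds to try every value at RATE)."""
    return [(name, round(log2(n), 1), n / RATE) for name, n in keyspaces().items()]

if __name__ == "__main__":
    for name, bits, secs in report():
        print(f"{name:34} {bits:5.1f} bits  {secs:10.3g} s")
```

The seconds column only applies once attempt limits are out of the picture, as post #11 describes; a slow key-derivation function or a hardware-bound key lowers the achievable rate but does not change the keyspace sizes.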
post #14 of 17 (permalink) Old 10-22-2018, 09:17 PM - Thread Starter
...
 
HowHardCanItBe's Avatar
 
Join Date: Apr 2007
Posts: 15,761
Just another attempt by corporations to steal more of our identity and ourselves. No sense of personal freedom. That freedom is when they'll decide at a given price. Meanwhile, those criminal friends at Wall Street and the sharemarket can cause chaos and destruction whenever they want and not get jailed. Meanwhile the public stays woefully ignorant, blinded. No wonder we can't change the things here because from the very beginning corporations have ruled this place. Meanwhile, a few of us develop self-awareness.



Last edited by HowHardCanItBe; 10-22-2018 at 09:21 PM.
HowHardCanItBe is offline  
post #15 of 17 (permalink) Old 10-22-2018, 10:08 PM
Old to Overclock.net
 
xJumper's Avatar
 
Join Date: Jan 2008
Posts: 1,917
Rep: 104 (Unique: 93)
Quote: Originally Posted by Asmodian View Post
However, this only helps if the encryption was not already compromised. If this law actually took effect I would expect black market hacking groups to have at least one back door inside a year.

I figure most things, almost everything really (all encryption, software whether open source or not) likely has some kind of zero day or what NSA described as "only for us" exploits. There's various anti-freedom IT/tech security companies that pay upwards of $300,000 for zero days on iPhones and the likes; like jailbreaks (root access) and stuff like that.

The thing with those though is unless you're Edward Snowden himself it's unlikely they would ever waste a zero day exploit on you. You could be Pablo Escobar raking in millions and in the west due to the nature of our public court systems the three letter agencies would likely never waste an exploit like that since it would have to be made public and therefore useless after that. Basically if you keep your illegal stuff below Osama levels you should be good from zero days in encryption.

xJumper is offline  
post #16 of 17 (permalink) Old 10-23-2018, 01:38 AM
News Junkie
 
Newbie2009's Avatar
 
Join Date: Jan 2009
Location: Ireland
Posts: 8,112
Rep: 297 (Unique: 232)
Government = Legal Mafia

I think more and more are starting to wake up to these scumbags. It won't end well.

Newbie2009 is offline  
post #17 of 17 (permalink) Old 10-23-2018, 01:41 AM - Thread Starter
...
 
HowHardCanItBe's Avatar
 
Join Date: Apr 2007
Posts: 15,761
Quote: Originally Posted by Newbie2009 View Post
Government = Legal Mafia

I think more and more are starting to wake up to these scumbags. It won't end well.
Most of it is down to corporations owning and controlling everything. Unfortunately, it is you and I that have to suffer due to the past generation's ignorance. They obviously want to introduce these laws to spy on Australians and basically funnel traffic through there. Maybe when our generation wakes up, instead of using Facebook all the time, we could work to fix this crap but I doubt it. Ignorance is a great way to steal wealth and control from others.



Last edited by HowHardCanItBe; 10-23-2018 at 01:46 AM.
HowHardCanItBe is offline  