Re: Getting linked from password possible?

Quote:
Originally Posted by ilcarletto
barrycruan, this is not the scenario digirally was talking about.
Anyway, he got 4 answers for this already.
I think it's quite clear.

Actually, barrycruan made a good point. I don't think you followed.
He was saying that if it were the case, then many Johns everywhere would be losing their accounts due to Mary entering their password.
However, if it were an issue, only unique passwords would be targeted.
Not something like "dragon123," since this password is used by thousands of people ("dragon" and "123123" are among the top three most common passwords, tailing "password").
If your password is "OESU2#@eo#scrote31&s," then all the algorithm needs is a measure of uniqueness (in the above case, it is unique, and the algorithm would deduce that no two people would arrive at that password independently).
After passwords are measured in this way, then the unique ones can be run against one another.
The third and last step, after ascertaining uniqueness and overlap, is for the website to start culling passwords entered (attempts).
As I recall from the Stealth books (it's been years since I read them), the "as long as it's a one-off thing" would not apply. Doing it once is the same to the website as doing it 50 times. Once you're linked, you're toast.
But the above is moot if the website doesn't do those three things.