Chris Kite Programming, Computer Security, Etc.

Archive for March, 2009

Cracking a Software License Scheme

03.31.2009 · Posted in Cryptography, Security

In his latest blog post, Andy Sloane issued a challenge to create a key-generator for his bespoke software licensing scheme. Looking through his code, I quickly found that he was using RSA, and that valid keys decrypted to 12345678 under a hardcoded RSA public key. In my response on the ...

Are You a Brute-Force Enabler?

03.29.2009 · Posted in Passwords, Security

Jimmy Ruska has taken the time to combine data from 3 compromised-password lists, and the results are pretty interesting. If an attacker can try just a single password against every user on your web application, he’ll compromise about 1% of them. Even with a fairly stringent 3-attempt lockout policy, about ...

Haddock: Generate Memorable Passwords in Ruby

03.29.2009 · Posted in Passwords, Security

Newly released RubyGem Haddock¬†offers to generate easy-to-remember passwords, but how secure are they? Haddock-generated passwords are of the form {word}{number}{symbol}{word}, and are generated to be at-most as long as a user-specified length. So for example, an 8-character Haddock password might be “amy7@rax”. For a relatively low-security password, like you might ...

SEO Powered by Platinum SEO from Techblissonline