The wisdom of the ill informed
Ed Gerck
edgerck at nma.com
Sun Jun 29 18:32:56 EDT 2008
Allen wrote:
> Very. The (I hate to use this term for something so pathetic) password
> for the file is 6 (yes, six) numeric characters!
>
> My 6 year old K6-II can crack this in less than one minute as there are
> only 1.11*10^6 possible.

Not so fast. Bank PINs are usually just 4 numeric characters long and
yet they are considered /safe/ even for web access to the account
(where a physical card is not required).

Why? Because after 4 tries the access is blocked for your IP number
(in some cases after 3 tries).

The question is not only how many combinations you have but also how
much time you need to try enough combinations so that you can succeed.

I'm not defending the designers of that email system, as I do not know
any specifics -- I'm just pointing out that what you mention is not
necessarily a problem and may be even safer than secure online banking
today.

Cheers,
Ed Gerck
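
An added example (not part of the original message): a minimal Python model of the argument in this thread, running the same keyspace walk against a verifier that blocks a source after 4 failed tries and against one with no attempt limit. The `PinGate` class, the sample PIN and the source address are constructed for illustration.

```python
import hmac
from fractions import Fraction

class PinGate:
    """Checks a numeric PIN; blocks a source after max_failures bad guesses.
    max_failures=None models a verifier with no attempt limit at all."""

    def __init__(self, pin, max_failures=4):
        self._pin = pin.encode()
        self.max_failures = max_failures
        # Keyed per source address, as in the message; an account-keyed
        # counter is the stricter variant.
        self._failures = {}

    def try_pin(self, source, guess):
        failed = self._failures.get(source, 0)
        if self.max_failures is not None and failed >= self.max_failures:
            return "blocked"  # even the correct PIN is refused now
        if hmac.compare_digest(self._pin, guess.encode()):
            self._failures.pop(source, None)
            return "ok"
        self._failures[source] = failed + 1
        return "denied"

def guess_success_bound(digits, tries):
    """Chance that `tries` distinct guesses hit a uniformly random PIN."""
    space = 10 ** digits
    return Fraction(min(tries, space), space)

def walk_keyspace(gate, source, digits):
    """Submit every PIN in order from one source until it is accepted or
    the gate blocks; returns (guesses evaluated, final outcome)."""
    evaluated = 0
    for n in range(10 ** digits):
        outcome = gate.try_pin(source, f"{n:0{digits}d}")
        if outcome == "blocked":
            return evaluated, outcome
        evaluated += 1
        if outcome == "ok":
            return evaluated, outcome
    return evaluated, "exhausted"

if __name__ == "__main__":
    pin = "004217"  # constructed sample PIN
    print(walk_keyspace(PinGate(pin, 4), "192.0.2.10", 6))     # limited
    print(walk_keyspace(PinGate(pin, None), "192.0.2.10", 6))  # unlimited
    print(guess_success_bound(6, 4), guess_success_bound(4, 4))
```

With the limit in place the walk ends after 4 guesses, which bounds the chance of a hit at 4/10^6 for a 6-digit PIN against 4/10^4 for a 4-digit one. Without a limit the same walk reaches the sample PIN after 4218 guesses.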
---------------------------------------------------------------------
The Cryptography Mailing List