RE: Offline Attack on Steem User Credentials

in #steem 8 years ago

It's a cool concept, but I'm sorry, I call BS.

I have looked at the code that handles hashing, salting and encrypting passwords before they are placed into the block chain and I can say with 99.5% certainty that you did not accomplish the hack you claim to have.

In theory it is possible, but the computational complexity of uncovering even 1 of the passwords from the blockchain would be more difficult than mining the largest amount held by any user on the block chain.

Sorry to hurt your feelings and call you out, but if you are to fool this community you are going to need to prove that you a. have the knowledge required to mount such a large scale offline attack, and b. you would have mentioned the actual difficulty of doing so.

anyone with a copy of the blockchain can mount a large-scale offline dictionary attack to recover them. Research as well as real-world precedent has repeatedly shown that a non-trivial fraction of users are incapable of choosing passwords resistant to offline-attack even when password complexity requirements are enforced.

They didn't claim to crack any hashing algorithm. A dictionary attack simply goes through a dictionary of possible passwords and tries each one until it finds a matching hash. Might want to reconsider that 0.5% chance.