Quote:
Originally Posted by Ooble
OK, here's the thing about password generation: if the algorithm generates 10-digit alpha-numeric passwords, that's 36^10 = 3.65615844 × 10^15 passwords. All you need to make it random is a pseudo-random seed. If it's the seed you're having problems with, check out hardware-based random number generators such as those in Trusted Platform Modules. If it's not, even if people do figure out your algorithm, how would they guess what the password is?
The password needs to change every 10-20 seconds like standard OTS generators,
and the server needs to know how to validate it.
Therefore it cannot be random; it has to be a mathematical algorithm. Currently it just makes a sequence of "+" and "-" operations, but I intend to make it more complex.
Has anyone figured out how to get info from the obfuscated source yet?
P.S. Just figured out the simplest way to hack it: the script uses the keyword "exit" to terminate the process, and therefore you can simply replace the word "exit" with something like "$i=0" and it will happily run the program regardless of the security checks. I intend to replace it with an infinite loop that does some random calculations, so in fact it will never exit but just get stuck if the security isn't passed.
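
Added example, not part of the original posts and not the poster's script: a code that changes every few seconds and that the server can still validate, built on the published RFC 6238 (TOTP) construction, so its strength rests on a shared secret key rather than on hiding the algorithm. The 15-second step, the function names and the sample key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 15  # assumed: a value inside the 10-20 s range from the post
DIGITS = 6         # assumed code length


def totp(secret: bytes, at: float, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step that contains `at` (Unix seconds)."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, candidate: str, at: float, step: int = STEP_SECONDS,
           digits: int = DIGITS, drift: int = 1) -> bool:
    """Server side: recompute the codes for nearby steps, compare in constant time."""
    ok = False
    for delta in range(-drift, drift + 1):
        t = at + delta * step
        if t < 0:
            continue  # no time step exists before the epoch
        ok |= hmac.compare_digest(totp(secret, t, step, digits), candidate)
    return ok


if __name__ == "__main__":
    # Constructed sample key (the RFC 6238 test key), not a real secret.
    secret = b"12345678901234567890"
    now = time.time()
    code = totp(secret, now)
    print("code:", code, "accepted:", verify(secret, code, now))
    print("accepted 60 s later:", verify(secret, code, now + 60))
```

Because the server recomputes the code from its own clock and its own copy of the secret, the check does not depend on anything the client-side script can be edited to skip.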