A real puzzler
Blitz3D Forums/Blitz3D Programming/A real puzzler
| ||
My neighbour, having just had money stolen from his credit card, asked how long it would take a computer to scan through every possible variation of 16 digits against every possible variation of a PIN. I wrote this: For a = 1 To 999999999999 For b = 1 To 9999 Next Print a Delay 1 Next - and lo and behold Blitz3D stops on the first line, and says 'Program Ended' without executing any more. You can see this clearly if you put a Stop before the first line. How puzzling. Or am I having one of my 'turns'? |
| ||
999999999999 is too large a value to fit into an integer so it's wrapping around to negative values and aborting the loop? |
| ||
whats the point anyway? you need php to hack the bank data and scan that through. and its not even that easy with brute-force! your 'neighbour' has got to report it to the police, if this tale is true ;) |
| ||
What Warren said. Observe:A=999999999999 Print A |
| ||
It probably hasn't been scanned. I used to work for, shall we say, a well known energy supplier in the UK. I had access to bank account details of millions of customers. I wasn't vetted by a CRB check before commencing employment. I could have been previously convicted of fraud, or theft, or anything before yet they still gave me a job and access to sensitive information. It only takes one crook to get your details into the wrong hands. Sadly it happens all the time. |
| ||
I'm a crook(s)! |
| ||
Warren, thanks. Devil, it's already been reported to the police. He was just interested in, if it was done this way, how long would it take. |
| ||
..I dont have credit card..its cool.. |
| ||
Well a brute force attack usually not only depends on one machine but on a network. If the key consists of only digits thats bad to begin with because the number of permutations is rather small. Use the whole ascii set in conjunction with digits to get good protection. Then you need to take into account network latency and server response times. So a 16-digit key could be brute forced over internet (with current hardware) in less than a day i'd estimate. BUT before all i don't know any serious banking system that doesn't recognize brute force attacks. They usually block the attacked account after a certain number of false login tries for a period of time or until the owner reactivates it. Your thief must have had valid data. Block the account and reissue new keys and keep them locked tight. |
| ||
If the key consists of only digits thats bad to begin with because the number of permutations is rather small. I woud say 'comparitively small'... 16-digits just numeric would be huge! The combination math is: nCr = n! / (r!(n - r)!) (! = factorial) where r=16 and n=10 However, with things like Credit Cards, there are other qualities (which can narrow down the search) for instance, if you total all the 16 digits, the sum would be a multiple of 7. (I think this was specific to visa and has now been made obsolete) also, the first set of 4 digits would be a control numebr for the issuing finance company, so the ACTUAL code would only be 12 digits. |
| ||
I work that out at 18,446,744,073,709,551,616 different possiblities |
| ||
John, Here is what your original program should look like so it won't break down technically... For a = 0 To 9999 For b = 0 To 9999 For c = 0 To 9999 For d = 0 To 9999 For pin = 0 To 9999 Print pin Delay 1 Next Next Next Next Next |