this post was submitted on 18 Aug 2024
833 points (98.8% liked)

Cybersecurity - Memes


Only the hottest memes in Cybersecurity

submitted 3 months ago* (last edited 3 months ago) by cron to c/cybersecuritymemes@lemmy.world
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth would you impose such strict limits? Never heard of correct horse battery staple?

[–] SkunkWorkz@lemmy.world 1 points 3 months ago (1 children)

No, the card will disable itself after three failed attempts.

[–] smeg@feddit.uk 1 points 3 months ago (1 children)

I assumed that, as the card readers and cards are both offline devices, they wouldn't have a way to do this. Are card blocks local in general?

[–] SkunkWorkz@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the PIN was incorrect.

[–] smeg@feddit.uk 1 points 3 months ago (1 children)

That's pretty cool. I wonder what (if any) tinkering you can do with a card if you've got physical access and some very precise tools.

[–] SkunkWorkz@lemmy.world 2 points 3 months ago* (last edited 3 months ago) (1 children)

Even if you could, you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also, if I remember correctly, the chip will self-destruct, as in wipes its data, when it detects that it’s being tampered with.

[–] smeg@feddit.uk 1 points 3 months ago