847

Password length requirement (feddit.org)

submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

171 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[-] SkunkWorkz@lemmy.world 1 points 3 months ago

No the card will disable it self after three failed attempts.

[-] smeg@feddit.uk 1 points 3 months ago

I assumed as the card readers and cards are both offline devices they wouldn't have a way to do this, are card blocks local in general?

[-] SkunkWorkz@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

[-] smeg@feddit.uk 1 points 3 months ago

That's pretty cool. I wonder what (if any) tinkering you can do with a card if you've got physical access and some very precise tools.

[-] SkunkWorkz@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.

[-] smeg@feddit.uk 1 points 3 months ago

Good to know!

this post was submitted on 18 Aug 2024

847 points (98.8% liked)

Cybersecurity - Memes

1893 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Sam1232188@lemmy.fmhy.ml

Alphadef@programming.dev

CannaVet@lemmy.world