Cybersecurity - Memes

2992 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Alphadef@programming.dev

CannaVet@lemmy.world

840

Password length requirement (feddit.org)

submitted 10 months ago* (last edited 10 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

170 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[–] SkunkWorkz@lemmy.world 1 points 10 months ago (1 children)

No the card will disable it self after three failed attempts.

[–] smeg@feddit.uk 1 points 10 months ago (1 children)

I assumed as the card readers and cards are both offline devices they wouldn't have a way to do this, are card blocks local in general?

[–] SkunkWorkz@lemmy.world 1 points 10 months ago* (last edited 10 months ago) (1 children)

Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

[–] smeg@feddit.uk 1 points 10 months ago (1 children)

That's pretty cool. I wonder what (if any) tinkering you can do with a card if you've got physical access and some very precise tools.

[–] SkunkWorkz@lemmy.world 2 points 10 months ago* (last edited 10 months ago) (1 children)

Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.

[–] smeg@feddit.uk 1 points 10 months ago

Good to know!