On Monday, November 24, 2003, at 05:02 AM, FileMatrix wrote:


That's not a problem. The guy who gets your wallet still cannot log in
because he doesn't have your secret Login ID.

That would be true if the password could be longer. As it is now, there are
about 100 million combinations (users usually choose a word, that makes
about 10000 words, multiplied by 10000 numbers = 100 million), and thus it
could be cracked in a few days.


Yes, you would need to set up an automated process to test those 100 million combinations by actually attempting to log in with each one. This also requires the ability to read the PIK prompt images. I'm not saying it's impossible or anything, just saying what's involved.

It's interesting to note in this scenario that there is no way for the Pecunix system to "lock out" an account after too many failed login attempts, because it has no idea WHICH account to lock out.

By the way George, for those of us hyper-secure paranoid tin foil hat types, you can always set up your Pecunix account to require PGP access. In this mode, Pecunix presents you with a challenge / response problem that only the holder of the private key can successfully answer.

-- Patrick

