Friday, September 30, 2005

Hackers fail to break into Via's "StrongBox"

Dan Nystedt writes in InfoWorld:

Hackers at a security conference in Malaysia failed to break into Via Technologies' StrongBox security application during a competition, Via officials said Friday, but the company gathered some valuable feedback from participants.

The Taiwanese microprocessor vendor offered a $5,000 prize to any hacker that could break into StrongBox, which is a secure virtual hard drive of up to 40GB designed to protect data from computer intruders. Announced on Tuesday, the application is made using a combination of hardware-based SHA-1 and 256-bit AES encryption.

The company ignored a one-hour time limit rule it had in place for the contest, and allowed conference attendees as much time as they wanted to try to break into StrongBox.

One useful piece of advice Via took away from the show was regarding the password login. The software asks users to choose how many failed password attempts it should accept, with a maximum of five, before freezing a user out for an unspecified period of time.

But one hacker pointed out he could figure out a way to set the number at zero, giving a potential data thief unlimited tries to guess the correct password. Without such a limit, someone could use a custom CD with every word in the dictionary and word/number combinations to find the right password. Such CDs take only a few minutes to run.

0 Comments:

Post a Comment

<< Home