Not how security works (Destiny)

by Earendil, Thursday, June 11, 2015, 16:21 (3456 days ago) @ Durandal

Because it was encrypted via radial A. Ghost didn't know whom he stole the log in info for, just that he had gotten it.

Given the stated dangers of just being in proximity to Vex structures, it is reasonable that the collective took serious measures to keep people from poking around, including encrypting the login data. So even if Ghost decrypted the user ID in order to get access, he would have no idea who the ID was for.

That isn't true, at least not today.

User Names are usually clear text, while passwords are hashed. You may not be able to look at the hash and determine anything from it, but you can look at the user name. On top of that, when systems are "hacked" they usually bypass the authentication system entirely. Brute forcing (rainbow attacks etc) would, if successful, give you the login and password in clear text. Bypassing the authentication entirely would mean that the doors were opened, but the AI wouldn't know who entered.

Having said that, the problems with encryption in use today, are already solved problems, it's just that the world is slow to adopt the solutions. Given the time difference, I would not expect traditional login/pw brute forcing and related "hacks" to be the way of the future. For example, you can simply have a couple incorrect attempts lock out the account. No matter how fast Ghost could brute force, he'd never be so lucky to nail it in the first couple tries.

On top of that, when you break into a system via a REAL login and password, it's usually really simple to figure out who you logged in as, because there is a permission level associated with that person that Ghost would most certainly want to know. Given that he hacked in whole minutes before the Dr. Shim greeting, ghost should have known who he signed into the system as.

And again, since you brought it up, Occam's Razor. We have an AI that interfaces with hardware via light beams, and cracks doors all the time. If every other instance of cracking a door open, I doubt he's using a Hive login/pw. So, I don't think he typed in a password, I think he bypassed the security and authentication entirely, giving himself root access to all data, not a subset of data limited by whatever "random" credentials he happened upon first.

Now, modern security tends to use two-factor authentication. Something you have, and something you know. Something you "know" could be guessed, hacked, or bypassed, and usually would not be identifying. For example, I know my passcode for work, and my work does not. They have a hashed version, but that's it. On the other hand, the "have" usually is identifying. In my case it's a keycard, which identifies me as a unique entity on the system. This is also where biometrics are used. A finger print, an eye scan, an entire body scan. That is something you have, combined with something you know.

So, either Ghost went through the authentication system, in which case Ghost knows who he logged in as, and shouldn't be surprised by being referred to as that. Or, and this is my simple explanation, Ghost went around the authentication system, and security before or after identified us biometrically as Dr. Shim.


Complete thread:

 RSS Feed of thread