Author Topic: Website Asking For Key Going Around  (Read 10205 times)

No.
Valid keys follow a certain numbering scheme. For example, in a valid credit card number, all the digits add up to a certain number. This makes it very easy to check if a number is valid without having to authenticate it with a server
I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script
I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic

I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script
I'm well aware of the validation scheme for keys, and I know that only 1/1024 completely randomly generated keys will pass the scheme. There's an easy way to turn the validation probability from 1/1024 to 100% though, but I'd probably get banned for posting it.

I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic
Pretty much this.

I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic
True enough. He's probably not smart enough to even figure out there's a validation scheme, let alone write code to check it

True enough. He's probably not smart enough to even figure out there's a validation scheme, let alone write code to check it
Let alone turn the entered keys into a database.

Let alone turn the entered keys into a database.
Well he doesn't need to do that.

Well he doesn't need to do that.
You can't check the entered values through a script connecting to google drive can you?

I'm gonna submitted t 3 based alt keys.

I'm gonna submitted t 3 based alt keys.

Damnit hudl. Learn to not predict.

You can't check the entered values through a script connecting to google drive can you?
Why couldn't you?

You can't check the entered values through a script connecting to google drive can you?
As long as you can view it yourself, then you can access it.