Author Topic: Website Asking For Key Going Around (Read 8755 times)

Crispy_ · June 20, 2014, 09:30:29 AM

Quote from: Headcrab Zombie on June 20, 2014, 09:28:19 AM

No.
Valid keys follow a certain numbering scheme. For example, in a valid credit card number, all the digits add up to a certain number. This makes it very easy to check if a number is valid without having to authenticate it with a server
I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script

I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic

Ad Bot · Advertisement

Ipquarx · June 20, 2014, 09:31:16 AM

Quote from: Headcrab Zombie on June 20, 2014, 09:28:19 AM

I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script

I'm well aware of the validation scheme for keys, and I know that only 1/1024 completely randomly generated keys will pass the scheme. There's an easy way to turn the validation probability from 1/1024 to 100% though, but I'd probably get banned for posting it.

Quote from: Crispy_ on June 20, 2014, 09:30:29 AM

I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic

Pretty much this.

Headcrab Zombie · June 20, 2014, 10:48:34 AM

Quote from: Crispy_ on June 20, 2014, 09:30:29 AM

I don't think this guy doing the phishing is smart enough to do this though, considering he did not even try to make the site look authentic

True enough. He's probably not smart enough to even figure out there's a validation scheme, let alone write code to check it

Starzy · June 21, 2014, 01:03:27 AM

Quote from: Headcrab Zombie on June 20, 2014, 10:48:34 AM

True enough. He's probably not smart enough to even figure out there's a validation scheme, let alone write code to check it

Let alone turn the entered keys into a database.

Zeblote · June 21, 2014, 08:14:39 AM

Quote from: Starzy on June 21, 2014, 01:03:27 AM

Let alone turn the entered keys into a database.

Well he doesn't need to do that.

Starzy · June 21, 2014, 05:15:34 PM

Quote from: Zeblote on June 21, 2014, 08:14:39 AM

Well he doesn't need to do that.

You can't check the entered values through a script connecting to google drive can you?

-Dogling- · June 22, 2014, 01:36:29 PM

I'm gonna submitted t 3 based alt keys.

-Dogling- · June 22, 2014, 01:52:27 PM

Quote from: -Dogling- on June 22, 2014, 01:36:29 PM

I'm gonna submitted t 3 based alt keys.

Damnit hudl. Learn to not predict.

Headcrab Zombie · June 22, 2014, 02:02:29 PM

Quote from: Starzy on June 21, 2014, 05:15:34 PM

You can't check the entered values through a script connecting to google drive can you?

Why couldn't you?

Scriode · June 22, 2014, 06:54:22 PM

Quote from: Starzy on June 21, 2014, 05:15:34 PM

You can't check the entered values through a script connecting to google drive can you?

As long as you can view it yourself, then you can access it.