
OAuth, OpenID Password Crack Could Affect Millions

July 16th, 2010 07:06 admin

CWmike writes “Researchers Nate Lawson and Taylor Nelson say they’ve discovered a basic security flaw that affects dozens of open-source software libraries — including those used by software that implements the OAuth and OpenID standards — that are used to check passwords and user names when people log into websites such as Twitter and Digg. By trying to log in again and again, cycling through characters and measuring the time it takes for the computer to respond, hackers can ultimately figure out the correct passwords. This may all sound very theoretical, but timing attacks can actually succeed in the real world. Three years ago, one was used to hack Microsoft’s Xbox 360 gaming system, and people who build smart cards have added timing attack protection for years. The researchers plan to discuss their attacks at the Black Hat conference later this month in Las Vegas.”
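The response-time leak described in the summary, shown next to a comparison that does not leak, as an added example (not code from the article, the researchers, or any affected library). It assumes the leak comes from a byte-by-byte comparison that stops at the first mismatch; the function names and sample values are constructed, and the count of byte comparisons stands in for response time.

```python
import hmac

def early_exit_equal(expected: bytes, supplied: bytes):
    """Naive check: stops at the first differing byte.
    Returns (match, number of byte comparisons performed)."""
    if len(expected) != len(supplied):
        return False, 0
    steps = 0
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:
            return False, steps   # work done reveals the matching prefix length
    return True, steps

def constant_time_equal(expected: bytes, supplied: bytes):
    """Hardened check: always touches every byte and folds differences together.
    Returns (match, number of byte comparisons performed)."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    steps = 0
    for a, b in zip(expected, supplied):
        steps += 1
        diff |= a ^ b             # no branch on secret-dependent data
    return diff == 0, steps

def work_profile(compare, expected, guesses):
    """Comparisons performed per guess: a deterministic proxy for response time."""
    return [compare(expected, g)[1] for g in guesses]

def verify(expected: bytes, supplied: bytes) -> bool:
    """What production code should call: the standard library's constant-time compare."""
    return hmac.compare_digest(expected, supplied)

# Constructed sample data: a 16-byte secret and guesses sharing 0, 4, 12 and 16 leading bytes.
SECRET = b"s3cr3t-token-042"
GUESSES = [b"XXXXXXXXXXXXXXXX", b"s3crXXXXXXXXXXXX", b"s3cr3t-tokenXXXX", SECRET]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal, SECRET, GUESSES))
    print("constant time:", work_profile(constant_time_equal, SECRET, GUESSES))
    print("verify ok    :", verify(SECRET, SECRET))
```

The early-exit profile grows with the length of the correct prefix, while the constant-time profile is flat for every guess of the right length.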

Source: OAuth, OpenID Password Crack Could Affect Millions
