A brutal lesson in why longer complex passwords are better

To learn this lesson you do not have to pay anything: the New South Wales taxpayers, thanks to the experts hired by their politicians and government, will pay for you.

As part of the cybersecurity Master's course, we had to set up an experiment to test brute forcing of passwords. I had my two virtual Linux machines set up on my PC (at the time an i5 laptop with 8GB RAM) and it soon became apparent that once I got to a five-character, lower-case-only password, I did not have enough power to crack the password in a reasonable time. I have subsequently played around with the same setup on my latest laptop, a very good i7 with 32GB RAM and a GPU. With the GPU utilised as part of the cracking, and accepting that the fans were running hard and the metal case of the laptop was hot as well, I still struggled to get beyond a seven-character password over a weekend: seven lower-case letters is 26^7, roughly 8 billion candidates.

You get the idea:

  • It is easy to set up a system to brute force passwords
  • The larger a password's search space (its length and the size of its character set), the harder it is to brute force

That brings me to the digital driving licences introduced by the New South Wales government, obviously overseen by a technically competent senior member of that administration and their expert advisers. Well, that is what the taxed citizen was hoping for!

When you first install the app, you choose a four-digit PIN and that PIN is used to seed the encryption. You can see where this is going: four digits give only 10^4 = 10,000 possible PINs, so whatever the encryption itself looks like, an attacker who has the encrypted data only ever needs 10,000 guesses. That is not difficult to brute force on any hardware at all.
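The following is an added example, not code from the original post and not the NSW app's own code. It models the two situations above, the lower-case password experiment and the four-digit PIN, with one search routine: a key is derived from the user's secret, some constructed data is encrypted under that key, and an attacker who holds only the encrypted blob and the salt (both of which sit on the device) tries every candidate secret offline until the authentication tag verifies. The key derivation (PBKDF2-HMAC-SHA256 with an assumed 1,000 rounds), the toy SHA-256 keystream cipher, the salt, the licence record and the PIN value are all assumptions chosen so the block runs on the Python standard library; `keyspace()` gives the candidate counts for the two cases so the gap between 10^4 and 26^7 can be seen directly.

```python
"""Offline brute force of a PIN-derived key (added example, stdlib only).

Everything here is a constructed stand-in: the KDF parameters, the toy
cipher, the salt, the record and the PIN are assumptions, not the real app.
"""
import hashlib
import hmac
import itertools
import string

KDF_ROUNDS = 1_000  # assumed; more rounds slow each guess but never shrink the guess count


def derive_key(secret: str, salt: bytes) -> bytes:
    """Derive a 256-bit key from the user's secret (PIN or password)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, KDF_ROUNDS, dklen=32)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy CTR-style keystream, SHA-256(key || counter); stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext: bytes, secret: str, salt: bytes) -> bytes:
    """Encrypt-then-MAC under a key derived from `secret`; returns ciphertext || tag."""
    key = derive_key(secret, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, "sha256").digest()
    return ct + tag


def unseal(blob: bytes, secret: str, salt: bytes):
    """Return the plaintext if `secret` is right, otherwise None (tag mismatch)."""
    key = derive_key(secret, salt)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


def brute_force(blob: bytes, salt: bytes, alphabet: str, length: int):
    """Try every secret of `length` symbols from `alphabet` against the stored blob.

    The attacker needs only the blob and the salt, both stored alongside the app.
    Returns (secret, attempts) on success or (None, attempts) if the space is exhausted.
    """
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        guess = "".join(combo)
        if unseal(blob, guess, salt) is not None:
            return guess, attempts
    return None, attempts


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate secrets an exhaustive search must cover."""
    return alphabet_size ** length


def demo():
    """Seal a constructed record under a constructed PIN, then recover the PIN offline."""
    salt = b"constructed-salt"  # constructed; a real app would store a random salt
    record = b"constructed licence record: name, DOB, address"
    blob = seal(record, "2468", salt)  # constructed PIN; the attacker does not know it
    pin, attempts = brute_force(blob, salt, string.digits, 4)
    return pin, attempts, unseal(blob, pin, salt) == record


if __name__ == "__main__":
    pin, attempts, ok = demo()
    print(f"recovered PIN {pin} after {attempts:,} of {keyspace(10, 4):,} candidates; plaintext ok={ok}")
    print(f"four-digit PIN:          {keyspace(10, 4):>14,} candidates")
    print(f"seven lower-case letters: {keyspace(26, 7):>14,} candidates")
```

Swapping `string.digits` and a length of 4 for `string.ascii_lowercase` and a length of 7 turns the same routine into the weekend-long experiment from the start of the post; nothing about the KDF or the cipher changes, only the number of candidates `brute_force()` has to walk through, which is why the PIN falls in seconds regardless of how strong the encryption behind it is.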

There are other flaws with this digital solution to a personal information problem:

Dvuln Labs – ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad

Clive Catton MSc (Cyber Security) – by-line and other articles
