Vista activation cracked by brute force

[Tekki]

http://www.theinquirer.net/default.aspx?article=37941

Interesting, and Id like to see what MS will do about it. The biggest concern is the guesser getting legit keys.

[Ohemgee]

Malware


I like

http://ffmedia.ign.com/filmforce/ima...153666-000.jpg

[Miji]

I really liked the part where he said it was hacked, and then one line below says it works by simple brute force.

[Charla]

I never thought of those terms as mutually exclusive before. And how did MS not see this coming 5 years ago? If it can be broken by a dictionary attack, it will be. It's a rule.

[Epincus]

Or in other words someone brute forced a 'single' key out of the activation scheme. It doesn't say how long it took to brute force a single key anywhere in there, which lends the question of how effective this methodology is for finding keys. Since it took a month for a key to be bruteforced, I'd say the answer is "Not very". If anything, it just says microsoft shoulda changed to a 30 or 35 character key instead.

Not to say I support this method of anti-piracy, because in the end a *LOT* of people get boned when they buy Windows and get a "You're a thieving cunt" message. Just saying this doesn't mean anything yet.

More effective cracks will come with time, though. And maybe by that time there will be a point to having Vista!

[Snowknight26]

The Inquirer.

[VZX]

Don't we agree any passwords/keys can be revealed by brute force? it's not so surprising to me given they allow brute force mechanism to operate for trying out different keys.

[Charla]

Don't we agree any passwords/keys can be revealed by brute force? it's not so surprising to me given they allow brute force mechanism to operate for trying out different keys.

The term "can" is a little misleading. A simple forced delay between attempts puts the time required for a dictionary attack on the order of years or centuries. There's really no reason for MS not to do exactly that (like the op's article suggests) in the first place.

[Zigma]

Saw this a while ago and laughed.

[Koga]

Any program can be hacked with enough time effort and resources.

[Devek]

Only really retarded people try to stop single cases of piracy and m$ actually doesn't care if people crack a key or two and use a copy for themselves.. it just isn't worthwhile to try and stop that.

People that don't want to pay for software won't, but when they use your software anyway it is free advertising and microsoft's entire business model is about locking people in to windows and making them depend on it and that works better when as many people as possible use Vista so it HAS to be crackable to a certain extent.

What software companies like microsoft try to stop is companies selling pirated copies of windows for profit. Many companies out there have and will continue to sell copies of windows that they didn't not purchase in the first place, thats what the whole 'genuine advantage' program is for in the first place.

People that paid money and thought they bought windows find out they were ripped off with a pirated copy through the genuine advantage program, and microsoft gives them a free copy of windows in return for details and proof about who sold them the pirated copy in the first place.

Back to the article.. Lets say you can brute force one key every 30 days.. you won't sustain much of a business if you can only sell one thing a month.

[Correction]

Hoax

http://keznews.com/forum/viewtopic.php?t=2782

[Charla]

So, about 200 keys per hour. Keyspace roughly 25^25. And valid keys guesstimated at sqrt(keyspace).

That would give a valid key every ~3*10^17 keys, which comes to.. 170 bill years per key? And if MS is smart and WGA keeps a list of all issued keys, the list of true valid keys is a lot smaller.

This sounds like a job for NSA's codebreakers and not for a VB script.

3*10^17 looks right according to his original numbers, although I have no idea what attempts/second he's using to get 170 billion years. Anyway, it looks like we can all go home now.

[Raineer]

eh

http://it.slashdot.org/it/07/03/03/1339209.shtml

Basically, 5000 monkeys given infinite time would create the works of Shakesphere, right?

No biggie

[Kinto]

lolvista