2 replies to this topic

[adamh]

We have all heard the hype around ai, its supposed to be dangerous. In other threads we have discussed ways it could become harmful vs the benefits it could bring. One topic has been mentioned without being explored, the ability to crack passwords. I say this is an easy threat to stop.

 

If indeed a super computer using modern cutting edge technology can crack any password, is an important question. If passwords became useless then identities can be stolen, bank accounts emptied and secrets stolen. We would have to go in person to make a payment or collect a salary. It wouldn't end civilization but it would make life more difficult

 

Brute force hacking seems to be the go to method. Other methods use known data about the person since this is often used in creating a password. Names, dates, titles of books and so on might give a clue. But can brute force really crack any password? It first uses a dictionary attack, might try several languages. Then, it tries making lists of possible combinations but random letters, numbers and symbols can make a list of trillions of possibilities or much more.

 

It can generate such a list in a short time so what is the problem? The problem is that even if your password is on the list, they still have to try it out to see if its the right one. That is where the bottleneck comes. If it takes one second to verify a password, then if its not on the first easy lists they try, the dictionary list and random list is going to take centuries or even millions of years to try

 

Most secure systems will allow only a few wrong tries and the account is shut down for a period of time. Therefore, a brute force attack will only work in a few limited cases where the system has no safeguards in place and will process a request rapidly or when social engineering pays off

 

So don't use short easy to guess passwords, don't use your personal info to make it and use some symbols along with letters and numbers. Do that and the mighty AI monster is slain, he can not crack your account. The nuclear launch codes are probably the most secure codes and would be long, would use all those tricks and may require a fingerprint or other safeguards that they don't publicize.

 

If someone calls and its a relative in trouble asking for money, simply ask them something that others would not know. What happened at your graduation from college, what is the name of your dog, what is your girl/boy friends last name, when did you call last? and so on. If they can't answer and just keep begging, its a scam but many people will not think of that and it will take a while before people learn about deep fakes but this is relatively easy to stop.

 

 

[Mind]

The problem is that cracking passwords is an exponential process/evolution. If an AGI can crack just one password of an IT engineer that works at Google, Microsoft, or Amazon, then it would have access to the whole password and identification/authenticator process of hundreds of millions of people and companies. AGI could easily spoof and/or eavesdrop on any communication or login process at that point. It could easily install keystroke loggers on hundreds of millions of phones/computers. Almost every account gets hacked  - and it starts with just one vulnerability - and there are many many vulnerabilities within the technological ecosystem we live within.

[adamh]

The problem is that cracking passwords is an exponential process/evolution. If an AGI can crack just one password of an IT engineer that works at Google, Microsoft, or Amazon, then it would have access to the whole password and identification/authenticator process of hundreds of millions of people and companies. 

 

Are you saying that all or many IT engineers have access to the passwords of hundreds of millions of people and companies? That is a huge vulnerability right there. Why on earth would a random engineer have such access? I didn't think anyone had wide access like that. If you are correct, then something has to change right away. Do you have any evidence that this is the case?

 

An engineer at one of those big companies could perhaps see the passwords of those who use the site, or maybe not. I'm fairly sure that big companies have internal security procedures that would probably make it impossible for a low level person to bring up all of that info. Possibly he could look up one or a few but to see all of millions of passwords and other sensitive info is going to be restricted to a few top people or simply unavailable. The big companies are not dumb, they know that a hacker could cost them millions or billions if such a hack took place. They aren't going to even trust a vice president with that because its a potential disaster for the company

 

Since its such a big deal and in the past hacks have cost huge amounts of money, they have to have multiple safeguards in place. When I lose my password on a site like that, they let me make a new one after verifying ID, they do not look it up and give me the old password. They tell me they can't do that. It seems that your IT person might not be able to look up even one password and to make a new one would leave a record.

 

As I pointed out previously, you can generate a billion possible passwords in a second, maybe more than that. But to try out each password take a certain amount of time and its childs play to set it up to disable after a certain number of false attempts. I maintain that AI can not crack a strong password. It may fool people into giving up their info but that is a different thing and it relies on a big mistake by the victim. This happens every day