

Someone watching you can often hear how many keys you've typed already (or can count the number of times the typing indicator changes), so the standard model of showing a star for each character doesn't really leak anything new. By changing the text field from that to making it based on some other quality related to the password, you're just leaking that new quality in addition to the length. If an attacker knows the password is 10 characters long, shows 8 stars, and knows your software's algorithm, that tells them even more about the password. What if your algorithm is found out to only show 8 stars for a single 10-character password? Maybe the above is an extreme example, but consider that this system also leaks info about all of the partially typed forms of the password. If the password is "abcd", then when the user types "a" first, some number of stars will be shown, and this will tell the attacker about the first character. Maybe "a" causes 3 stars to be shown right off the bat, and the attacker knows that only "a", "g", and "x" do that. Next, "ab" is typed, and that shows 1 star.

The attacker can then figure out all of the possible two-letter sequences that start with "a", "g", and "x" that result in 1 star. The attacker can then cut these down further by throwing away a lot of the sequences that they think are unlikely to be at the start of a password.

The attacker might see that "ab", "am", "gq", "ge", "xc" are the possible two-letter sequences, and then throw out or de-prioritize "gq" and "xc" as possibilities for the start. Next, "abc" is typed, and that shows 4 stars, and the attacker only has to consider the possible three-letter sequences that start with "ab", "am", or "ge" that result in 4 stars.
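As an added illustration (not part of the original post), the elimination described above replayed against a constructed mask policy. The `stars_for_prefix` rule (1 to 5 stars derived from the partial password, chosen so that "a" shows 3 stars and "ab" shows 1) and the lowercase-only alphabet are assumptions, not any real product's algorithm; the point is to measure how much the per-keystroke star counts narrow the candidate set compared with a constant one-star-per-character mask.

```python
import math
import string

ALPHABET = string.ascii_lowercase  # assumption: password drawn from a-z only


def stars_for_prefix(prefix: str) -> int:
    """Constructed 'quality-based' mask: star count is a function of the
    partial password typed so far. Hypothetical policy for illustration."""
    return sum(ord(c) for c in prefix) % 5 + 1


def observed_star_counts(password: str) -> list[int]:
    """What a shoulder-surfer records: the star count after every keystroke."""
    return [stars_for_prefix(password[:i]) for i in range(1, len(password) + 1)]


def consistent_candidates(star_counts: list[int]) -> list[list[str]]:
    """Replays the attacker's elimination from the text: after each keystroke,
    keep only the prefixes whose mask output matches what was seen.
    Returns the survivor set at every step, so the leak from each partially
    typed form of the password is visible, not just the final one."""
    survivors, history = [""], []
    for count in star_counts:
        survivors = [p + c for p in survivors for c in ALPHABET
                     if stars_for_prefix(p + c) == count]
        history.append(survivors)
    return history


def uncertainty_bits(password: str) -> tuple[float, float]:
    """Bits of uncertainty an observer has about a password of this length:
    (a) under a constant per-character mask, which leaks only the length, and
    (b) after also seeing this mask's star count at every keystroke."""
    history = consistent_candidates(observed_star_counts(password))
    length_only = len(password) * math.log2(len(ALPHABET))
    after_mask = math.log2(len(history[-1]))
    return length_only, after_mask


if __name__ == "__main__":
    pw = "abcd"  # constructed sample password
    counts = observed_star_counts(pw)
    history = consistent_candidates(counts)
    print("stars seen per keystroke:", counts)
    print("candidates left per keystroke:", [len(h) for h in history])
    full, left = uncertainty_bits(pw)
    print(f"length-only mask: {full:.1f} bits; this mask: {left:.1f} bits")
```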
