Comment Re:Birthday Attack (Score 1) 187
That's absolutely right, I mentioned this in the article (in the section starting with "However, if the attacker has a database of 1000 customer names...") but in the context of using it on PINs instead of passwords.
Basically, they allow really weak passwords, then any attack that works on PINs will work on passwords. (Well, almost -- even if they allow weak passwords, at least they can't force everyone to have a weak password -- they do however force all new users to choose a 4-digit PIN.)
Basically, they allow really weak passwords, then any attack that works on PINs will work on passwords. (Well, almost -- even if they allow weak passwords, at least they can't force everyone to have a weak password -- they do however force all new users to choose a 4-digit PIN.)