How secure do you feel GMail is?

Discussion in 'privacy problems' started by Carbonyl, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. Metastasio

    Metastasio Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    28
    Of course. I probably have amassed 500+ passwords over the years.
     
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It takes 39 random ASCII characters to equal 256 bits (assuming the characters are taken from the standard 94 printables). If the characters are only taken from A-Z, a-z, 0-9, it takes 43 random characters to equal 256 bits. If you use only letters (A-Z, a-z) it takes 45 random characters.

    NSA has a supercomputer that can crack 56 bit keys in a few seconds (and this was ten years ago).[1] I imagine now they have supercomputers that can crack 64 bit keys in a few minutes or hours. I wouldn't feel comfortable with anything less than 80 bit security against such a foe.

    Footnotes:

    1) I got this info from a documentary done on NSA about 10 years ago. You can find it on YouTube here. The narrator says that a typical encryption key has "70 quadrillion possibilities." If you convert that number into a "bit length" it comes out to be 56 bits.
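The length and key-size arithmetic in the post above, as an added example that is not part of the original post. It goes slightly beyond the post by also generating the password from the OS CSPRNG; the function names and alphabet labels are illustrative assumptions. Exact integer arithmetic puts the 94-symbol case at 40 characters, since 39 characters give about 255.6 bits.

```python
import secrets
import string

# Alphabets named in the post; the dictionary keys are labels made up for this example.
ALPHABETS = {
    "printable-94": string.ascii_letters + string.digits + string.punctuation,
    "alnum-62": string.ascii_letters + string.digits,
    "letters-52": string.ascii_letters,
}

def min_length(alphabet_size, target_bits):
    """Smallest n with alphabet_size**n >= 2**target_bits (exact integer math,
    so there is no floating-point rounding near the boundary)."""
    n, space, goal = 0, 1, 1 << target_bits
    while space < goal:
        space *= alphabet_size
        n += 1
    return n

def keyspace_bits(keyspace):
    """Bits needed to index every key in a keyspace of the given size."""
    return (keyspace - 1).bit_length()

def work_factor(from_bits, to_bits):
    """How many times more work exhaustive search needs when the key grows."""
    return 1 << (to_bits - from_bits)

def generate(alphabet, target_bits):
    """Password drawn uniformly from `alphabet` with at least target_bits of entropy.
    The entropy figure only holds because every character is chosen
    independently by a CSPRNG (secrets), not by a human or by random.random()."""
    n = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))

if __name__ == "__main__":
    for name, alphabet in ALPHABETS.items():
        lengths = {bits: min_length(len(alphabet), bits) for bits in (80, 128, 256)}
        print(f"{name:13s} chars needed for 80/128/256 bits: {lengths}")
    # "70 quadrillion possibilities" from the footnote, expressed as a bit length.
    print("70 quadrillion keys ->", keyspace_bits(70 * 10**15), "bits")
    # Relative cost of brute force compared with a 56-bit key.
    print("64-bit vs 56-bit:", work_factor(56, 64), "x")
    print("80-bit vs 56-bit:", work_factor(56, 80), "x")
    print("sample 80-bit password:", generate(ALPHABETS["alnum-62"], 80))
```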
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    If I were a GMail user, explain step by step how someone would get into my account.

    thanks,

    rich
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    They also need the user name. How do they get that?
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Oh, we've got a funny one here. Back again?
     
  6. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Sorry to dredge this topic back up, but here's a number of different links illustrating what I meant in the original opening post above. These links lead to discussion on the Reddit community - The comment threads are more interesting than the links in the main stories. It basically illustrates that many individuals - Competent computer savvy people who know how to set safe passwords and keep their systems clean! - have been getting compromised lately. I'll modify the links as per Wilder's requirements:

    Compromised account story - hxxp://www.reddit.com/r/AskReddit/comments/djiuo/im_in_ny_i_keep_seeing_a_loggin_from_a_california/

    More compromised account stories - hxxp://www.reddit.com/r/reddit.com/comments/dj6mz/chinese_hackers_are_breaking_into_american_gmail/

    Yet more compromised account stories - hxxp://www.reddit.com/r/netsec/comments/dijlq/was_my_gmail_hacked/

    General discussion regarding the rise in compromised accounts - hxxp://www.reddit.com/r/netsec/comments/djbbl/has_anyone_noticed_an_increased_number_of/

    The attacks all seem to have the same details - Unknown IP (likely behind several proxies) logs into the victim's account somehow, and then sends spam to their contact list, while simultaneously purging their inbox and/or outbox.

    I'm still wondering, personally, if we're seeing a compromise of Google's GMail authentication process in action with these rising numbers. Then again, owing to the fact that these spammers seem to get in, do their business, and leave without further action, it may be possible that this is all done via session-stealing via an XSS grab at a session cookie. I'm not sure what to think.

    Other opinions on the matter?
     
  7. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    We are, indeed, Google's product -- not its customer. That realization makes things a lot more interesting. Oh, the implications! A business model where information is the bread and butter and privacy is counterproductive! Then again, that's the whole social networking experience in a nutshell.
     