15 replies to this topic

[ninjaxxzpider]

i made a program for my computer on a server.it is a program for locking doors.

while true do
os.pullEvent =os.pullEventRaw
term.clear()
term.setCursorPos(1, 1)
write("Please Enter Password: ")
input = read("*")
if input == "ninja" then
redstone.setOutput("left", true)
sleep(3)
redstone.setOutput("left", false)
sleep(1)
os.reboot()
else
print("Password Not Correct! Try again later.")
sleep(1)
print("Shutting Down")
sleep(1)
os.reboot()
end
end

i just wanted to now that can anyone hack this program.(go inside my house)
(not with flopy disks)

[wieselkatze]

If use use the os.pullEventRaw() (you declared os.pullEvent to be os.pullEventRaw, so you do) no, unless you don't run the program on startup.
Why didn't you try it yourself?

(Also, now that everybody knows the password, they can)

[OReezy]

If people are able to place things, all they need to do is put a lever on your door and flip it. If your server has protection against people placing stuff, it should be alright.

[ninjaxxzpider]

i changed the password.
and it is a startup.
just wanted to now if that they can do anything to break the code.
thx.

[SkyRamon]

ninjaxxzpider, on 02 January 2014 - 01:46 AM, said:

i changed the password.
and it is a startup.
just wanted to now if that they can do anything to break the code.
thx.

You cannot break this code.

[Buho]

Pfft, sure it can be broken.

(I'm ignoring OReezy's very good point.)

For one thing, you have no protection against brute-force attacks. "aaaa", no, "aaab", no, "aaac", no, etc. Add in logic that adds a 5-minute delay between attempts after the 3rd wrong guess. That will slow down the brute-force attacker.

[nutcase84]

Pretty sure that DDoS's don't work in CC, unless the code is poorly programed. This looks secure to me.

[TheOddByte]

Buho, on 07 February 2014 - 12:44 PM, said:

Pfft, sure it can be broken.

(I'm ignoring OReezy's very good point.)

For one thing, you have no protection against brute-force attacks. "aaaa", no, "aaab", no, "aaac", no, etc. Add in logic that adds a 5-minute delay between attempts after the 3rd wrong guess. That will slow down the brute-force attacker.

No you can't simply bruteforce this, Since then you have to have a program that does the bruteforcing and as the OP asked it was if it could be cracked without floppy disks, And without floppy disks you can't run any other program except the startup which is preventing termination thus it's pretty much unbreakable.

[Bomb Bloke]

One doesn't need a program to "brute force" a password by guessing. One need only sit there and type in the guesses.

Whether or not anyone's likely to actually do that is a different matter - odds are anyone interested will take a few "good guesses" and move on. Buho's suggestion is to make even that a time-consuming process.

This is putting aside whether they're willing to place redstone torches / floppy drives, or just dig through your walls.

[CometWolf]

nutcase84, on 07 February 2014 - 01:25 PM, said:

Pretty sure that DDoS's don't work in CC, unless the code is poorly programed. This looks secure to me.

I don't... what? Do you even know what a DDoS is?

Seeing as everyone knows the password because of this post, it could easily be broken

[awsmazinggenius]

Distributed Denial of Service.

[Csstform]

CometWolf, on 07 February 2014 - 06:58 PM, said:

nutcase84, on 07 February 2014 - 01:25 PM, said:

Pretty sure that DDoS's don't work in CC, unless the code is poorly programed. This looks secure to me.

I don't... what? Do you even know what a DDoS is?

Seeing as everyone knows the password because of this post, it could easily be broken />

ninjaxxzpider, on 02 January 2014 - 01:46 AM, said:

i changed the password.
and it is a startup.
just wanted to now if that they can do anything to break the code.
thx.

[awsmazinggenius]

I was replying to a guy who didn't know what a DDoS attack was, not saying that somebody could/would do it

[TheOddByte]

Bomb Bloke, on 07 February 2014 - 06:33 PM, said:

One doesn't need a program to "brute force" a password by guessing. One need only sit there and type in the guesses.

Whether or not anyone's likely to actually do that is a different matter - odds are anyone interested will take a few "good guesses" and move on. Buho's suggestion is to make even that a time-consuming process.

This is putting aside whether they're willing to place redstone torches / floppy drives, or just dig through your walls.

Yeah I guess there isn't anyone willing to sit there and type ALOT until the password is correct, The only way I could think of that this would be insecure where if someone have gotten access to your computer before you made the startup and overridden some functions causing the real startup to hide and allowing rednet control and making you edit a fake startup file which makes everything seem normal, Then you could actually bruteforce the password, The reason I'm thinking of this is because I've messed around and made a virus that does exactly this and it will be fun when PDAs or whatever is coming to CC
But I guess that isn't so likely that someone have done that to your CC-computer.

[6677]

They could break your wall down or stick a torch infront of your door, that is unless you use protection plugins although in my experience if you place a door just on the edge of protection so you can still place a torch infront of it then you can still open the door, plugins dont protect against that and when I used to admin a server which did not allow griefing it became a right pain because nobody ever seemed to realise that would happen....

[OReezy]

I just mentioned the lever because you can make a locked door by playing it in open position and putting a torch below it. Then to open the door you power the torch instead.

But this is kind of irrelevant because if they can place things, they can probably just break the door or a wall too.