Not how security works (Destiny)

by Kermit , Raleigh, NC, Friday, June 12, 2015, 18:20 (3258 days ago) @ Earendil

Because it was encrypted via radial A. Ghost didn't know whom he stole the log in info for, just that he had gotten it.

Given the stated dangers of just being in proximity to Vex structures, it is reasonable that the collective took serious measures to keep people from poking around, including encrypting the login data. So even if Ghost decrypted the user ID in order to get access, he would have no idea who the ID was for.

That isn't true, at least not today.

User Names are usually clear text, while passwords are hashed. You may not be able to look at the hash and determine anything from it, but you can look at the user name. On top of that, when systems are "hacked" they usually bypass the authentication system entirely. Brute forcing (rainbow attacks etc) would, if successful, give you the login and password in clear text. Bypassing the authentication entirely would mean that the doors were opened, but the AI wouldn't know who entered.

Having said that, the problems with encryption in use today, are already solved problems, it's just that the world is slow to adopt the solutions. Given the time difference, I would not expect traditional login/pw brute forcing and related "hacks" to be the way of the future. For example, you can simply have a couple incorrect attempts lock out the account. No matter how fast Ghost could brute force, he'd never be so lucky to nail it in the first couple tries.

On top of that, when you break into a system via a REAL login and password, it's usually really simple to figure out who you logged in as, because there is a permission level associated with that person that Ghost would most certainly want to know. Given that he hacked in whole minutes before the Dr. Shim greeting, ghost should have known who he signed into the system as.

He may have known the user ID, but that means nothing.

Even today, User IDs do not have to bear any resemblance to a real person's name.