• 0

Windows 7 Blizzard-Like Authenticator Software?


Question

I hope this is in the right section...

anyway what I want to know is, after logging into Windows 7, is there a program allready made that mimics how Blizzard's Authenticator works by generating 6 random numbers that must be typed in after pressing a button on the actual Authenticator?

It's hard to explain what I want it to do, so here is a youtube to try and explain it.

http://www.youtube.com/watch?v=IImstQUq_QQ

at 30 seconds he types in his username/password into WoW. Pretend that is the Windows 7 Login screen instead... then it comes up with the screen 'enter your generatred digital blizzard authenticator code'. After pressing the button on the authenticator, it shows 6 digits, which when typed in, allows him to login.

Is there a way to copy that, so I can use my Authenticator to login to Windows 7 itself the same way I use my authenticator to login to WoW? Im not software tech savvy so Im thinking the authenticator uses pre-programmed codes or a special algorhism or something, but if it can be done, or allready done, please point me in the direction where to find it :)

Link to comment
Share on other sites

23 answers to this question

Recommended Posts

  • 0

yes it's called RSA encryption

better get your cheque book out ;)

or just be really good at maths perhaps? - http://en.wikipedia.org/wiki/RSA

in any case, it is blizzard who have licensed the technology to use on WoW not 'blizzard authenticator code', that's just a funky name.

unless i have very much got the wrong end of the stick :D

Link to comment
Share on other sites

  • 0

This is a simple example of 2-factor authentication: it combines something you have (the one-time 6-character string, or nonce) with something you know (you username/passphrase). One of my banks uses this in order for us to sign in to the online account access and it blows my mind that more banks don't do this.

I'm guessing that you cannot use the Blizzard Authenticator to login to Windows. It would kind of compromise Blizzard's security if you could use their secure authentication mechanism to authenticate non-Blizzard realms, right?

Link to comment
Share on other sites

  • 0

in answer to your question, yes you can use it to log into windows.. but it truly is a pain in the ass.

we have rsa on all our external facing websites (email, company portal etc) and it ****es me off every time i need to use it! as 90% of the time my fob is no where near me.. so much easier to just remember a password.

i would honestly say, that disregarding the price, don't bother unless you really have cause to do it

Yeah, and then anyone who graduated from MIT who is still alive is still able to hack your account with little effort.

hardly unless they know the private key

Link to comment
Share on other sites

  • 0
yes it's called RSA encryption

better get your cheque book out ;)

or just be really good at maths perhaps? - http://en.wikipedia.org/wiki/RSA

in any case, it is blizzard who have licensed the technology to use on WoW not 'blizzard authenticator code', that's just a funky name.

unless i have very much got the wrong end of the stick :D

Very much the wrong end of the stick. RSA describes a public-key encryption algorithm, which itself has nothing to do with 2-factor authentication. And the math involved in RSA encryption is high-school level algebra. The RSA Corporation does provide a 2-factor authentication mechanism through their SecureID product, but I imagine it's crazy expensive.

A much better, and cheaper, idea is to do what my bank does: send the one-time password to your cellphone.

Link to comment
Share on other sites

  • 0
Very much the wrong end of the stick. RSA describes a public-key encryption algorithm, which itself has nothing to do with 2-factor authentication. And the math involved in RSA encryption is high-school level algebra. The RSA Corporation does provide a 2-factor authentication mechanism through their SecureID product, but I imagine it's crazy expensive.

A much better, and cheaper, idea is to do what my bank does: send the one-time password to your cellphone.

Sorry sorry, you are totally correct.

I did mean securID, on my fob on my desk it says RSA SecurID, but I just usually refer to it as an RSA fob.

My reply is still valid, just replace RSA with SecurID :D

p.s. securid is not a typo

Link to comment
Share on other sites

  • 0
in answer to your question, yes you can use it to log into windows.. but it truly is a pain in the ass.

we have rsa on all our external facing websites (email, company portal etc) and it ****es me off every time i need to use it! as 90% of the time my fob is no where near me.. so much easier to just remember a password.

i would honestly say, that disregarding the price, don't bother unless you really have cause to do it

hardly unless they know the private key

You really think reverse engineering a key fob until you find the private key is going to be all that difficult if they managed to graduate from MIT?

Link to comment
Share on other sites

  • 0
You really think reverse engineering a key fob until you find the private key is going to be all that difficult if they managed to graduate from MIT?

hmm.. i think you're giving MIT graduates a little too much credit

i would think it difficult as you would need to have the factory random key in addition to having access to the user random key.. i think! :p

Edited by BGM
Link to comment
Share on other sites

  • 0
hmm.. i would think it difficult as you would need to have the factory random key in addition to having access to the user random key.. i think! :p

All it takes is a ****ed off former employee of RSA and the damage is done. There is several ways to take advantage of the cipher and use it to your advantage without other parties knowing of your manipulation of the system. Dan Boneh has found more than one to attack the system. Triple DES is a much more secure form of Data Encryption.

Link to comment
Share on other sites

  • 0

Thanks for all the input on how it works and stuff :) appreciate it :) I just wanted it as a extra layer of security but for it to work, I think by the sounds of it id need Blizzard's own private/public key. So thanks anyway!

Link to comment
Share on other sites

  • 0
You really think reverse engineering a key fob until you find the private key is going to be all that difficult if they managed to graduate from MIT?

Speaking in general, yes, it is. Why on earth do you believe that simply graduating from a certain school automatically means that you'll be able to reverse engineer and extract data from a highly secure cryptographic microcontroller designed by a team of cryptography and chip experts? The argument makes zero sense. The only way to get data from them is by either finding and exploiting a design flaw/bug (very rare as the platforms have matured), or by physically taking the chip apart (and many are designed to break if you try to dissolve the casing). These controllers protect billions of dollars worth of investment, and are major targets. How long do I have to wait before one of your "MIT graduates" cracks the current generation of Videoguard/Conax used for pay-TV in Europe, for instance? It's been years now. Any day now, right?

Link to comment
Share on other sites

  • 0
Speaking in general, yes, it is. Why on earth do you believe that simply graduating from a certain school automatically means that you'll be able to reverse engineer and extract data from a highly secure cryptographic microcontroller designed by a team of cryptography and chip experts? The argument makes zero sense. The only way to get data from them is by either finding and exploiting a design flaw/bug (very rare as the platforms have matured), or by physically taking the chip apart (and many are designed to break if you try to dissolve the casing). These controllers protect billions of dollars worth of investment, and are major targets. How long do I have to wait before one of your "MIT graduates" cracks the current generation of Videoguard/Conax used for pay-TV in Europe, for instance? It's been years now. Any day now, right?

+1, high five this man.

Link to comment
Share on other sites

  • 0
Speaking in general, yes, it is. Why on earth do you believe that simply graduating from a certain school automatically means that you'll be able to reverse engineer and extract data from a highly secure cryptographic microcontroller designed by a team of cryptography and chip experts? The argument makes zero sense. The only way to get data from them is by either finding and exploiting a design flaw/bug (very rare as the platforms have matured), or by physically taking the chip apart (and many are designed to break if you try to dissolve the casing). These controllers protect billions of dollars worth of investment, and are major targets. How long do I have to wait before one of your "MIT graduates" cracks the current generation of Videoguard/Conax used for pay-TV in Europe, for instance? It's been years now. Any day now, right?

hy⋅per⋅bo⋅le

  /haɪˈpɜrbəli/ Show Spelled Pronunciation [hahy-pur-buh-lee] Show IPA

?noun Rhetoric.

1. obvious and intentional exaggeration.

2. an extravagant statement or figure of speech not intended to be taken literally, as ?to wait an eternity.?

:(

Link to comment
Share on other sites

  • 0

Actually, you might want to invest in a Goldkey.

These do pretty much what you're asking, and give you a ton of other benefits.

Plus they're really cheap. I've got a Gold & Master, and they're fantastic! (Y)

Link to comment
Share on other sites

  • 0
Speaking in general, yes, it is. Why on earth do you believe that simply graduating from a certain school automatically means that you'll be able to reverse engineer and extract data from a highly secure cryptographic microcontroller designed by a team of cryptography and chip experts? The argument makes zero sense. The only way to get data from them is by either finding and exploiting a design flaw/bug (very rare as the platforms have matured), or by physically taking the chip apart (and many are designed to break if you try to dissolve the casing). These controllers protect billions of dollars worth of investment, and are major targets. How long do I have to wait before one of your "MIT graduates" cracks the current generation of Videoguard/Conax used for pay-TV in Europe, for instance? It's been years now. Any day now, right?

Actually the one used by Canal Digital was hacked earlier this year, but you had to buy a somewhat expensive M2+ card from them. the hack lasted for 1-2 months or so... making the whole thing more expensive for the time it worked than actually paying for the subscription :p

Link to comment
Share on other sites

  • 0
hy⋅per⋅bo⋅le

  /haɪˈpɜrbəli/ Show Spelled Pronunciation [hahy-pur-buh-lee] Show IPA

–noun Rhetoric.

1. obvious and intentional exaggeration.

2. an extravagant statement or figure of speech not intended to be taken literally, as “to wait an eternity.”

:(

Huh? So you were just joking?

Actually the one used by Canal Digital was hacked earlier this year, but you had to buy a somewhat expensive M2+ card from them. the hack lasted for 1-2 months or so... making the whole thing more expensive for the time it worked than actually paying for the subscription :p

That was almost two years ago, and an older Conax system. The most recent version has been around for years, but they only recent completed the replacement of all the old cards. As far as I know the keys were obtained by exploiting a bug in a very old batch of cards that exposed the currently used key (but not the card's private keys).

In any case, my point was the level of difficulty, not that it's impossible if you've got the needed resources and skill level (which is beyond most graduates.) Your M2 reference does show that there is money in cracking these things. All the incentive is there, yet we don't see cracks popping up everywhere.

Link to comment
Share on other sites

  • 0
Huh? So you were just joking?

It was a ridiculous statement as to state, nothing is going to stop someone who wants to get the information bad enough.

Link to comment
Share on other sites

  • 0
hmm.. i think you're giving MIT graduates a little too much credit

i would think it difficult as you would need to have the factory random key in addition to having access to the user random key.. i think! :p

+1 Just because they went to MIT doesn't mean that they are all the children of Einstein! lol :D

It was a ridiculous statement as to state, nothing is going to stop someone who wants to get the information bad enough.

Very true! It is just a measure to make people feel more secure. Anybody that knows any decent amount of information about Information Technology should realize that nothing is fool proof. If it is made by a person, it can be cracked by a person. The idea of these high level security measures is to make it so hard to crack the security that the hacker doesn't want to put the effort into it. :)

Link to comment
Share on other sites

  • 0
It was a ridiculous statement as to state, nothing is going to stop someone who wants to get the information bad enough.

Your claim was that it would be easy for anyone who "graduated from MIT." This is patently false, as is the above claim. Simply wanting something isn't enough.

Link to comment
Share on other sites

  • 0
Your claim was that it would be easy for anyone who "graduated from MIT." This is patently false, as is the above claim. Simply wanting something isn't enough.

The fact that you take everything I say so damn literally is genuinely annoying, but who cares. If you care to review my posts for the past 5 years, you will soon find out that 3000 of 4274 posts are in fact dick jokes and references to wanting to see certain celebrities naked, and the general prodding of whoever happens to be there at the time, and not some insight in to Cryptography.

Link to comment
Share on other sites

  • 0
The fact that you take everything I say so damn literally is genuinely annoying, but who cares.

I apologize profoundly for believing that you meant it when you said that hacking chips like these was a piece of cake and implied that it's just a false sense of security. Again, sorry. In the future I'll keep in mind that you don't actually mean the things you say. End of derail. Boobies.

Link to comment
Share on other sites

  • 0
Huh? So you were just joking?

That was almost two years ago, and an older Conax system. The most recent version has been around for years, but they only recent completed the replacement of all the old cards. As far as I know the keys were obtained by exploiting a bug in a very old batch of cards that exposed the currently used key (but not the card's private keys).

In any case, my point was the level of difficulty, not that it's impossible if you've got the needed resources and skill level (which is beyond most graduates.) Your M2 reference does show that there is money in cracking these things. All the incentive is there, yet we don't see cracks popping up everywhere.

No, M2+ cards worked around july/august of THIS year. I in fact borrowed an M2+ card and tested it on my CD cable and it worked there as well(well same signal same coding). but I didn't care about ordering one since I had enough channels with my base package.

2 years ago was the regular M2 card, I knew people who used them and they where a bit ****ed about the M2+ cards since the new hack would have worked on the M2 card, but they did the M2+ cards to make more money. I suppose they where even more ****ed after they stopped working after 1-2 months :p

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.