
Not really.

If you don't rotate the six-digit code, the probability an attacker who tries sequential codes gets the correct code in 1M attempts is 1.

But if you do rotate the code, the Bayesian probability that an attacker who tries random codes gets the correct code in 1M attempts is still about 60%, if I did my math right (and of course it asymptotically approaches 1 with more attempts).



Who wouldn't do random?

But either way it would be insecure if you did sequential... even if you had 2000 characters for your password.
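The two cases compared in the comments above, worked as an added example (not part of the thread and not either commenter's code): a fixed six-digit code against sequential guesses, and a code redrawn before every random guess. The function names, the per-attempt rotation model and the small code space used for the simulation are assumptions of this example.

```python
import math
import random

CODE_SPACE = 10**6  # six decimal digits


def p_fixed_sequential(attempts, space=CODE_SPACE):
    """Code never changes; guesses enumerate the space without repeats."""
    return min(attempts, space) / space


def p_rotating_random(attempts, space=CODE_SPACE):
    """Code is redrawn uniformly before each attempt, so every guess is an
    independent 1/space trial: 1 - (1 - 1/space)**attempts."""
    # log1p/expm1 keep precision when 1/space is tiny.
    return -math.expm1(attempts * math.log1p(-1.0 / space))


def max_attempts_for_risk(risk, space=CODE_SPACE):
    """Largest attempt budget that keeps rotating-code success <= risk."""
    return math.floor(math.log1p(-risk) / math.log1p(-1.0 / space))


def simulate_rotating(attempts, space, trials, seed=0):
    """Monte Carlo check of p_rotating_random on a small code space."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        for _ in range(attempts):
            code = rng.randrange(space)   # code rotates before each attempt
            guess = rng.randrange(space)  # independent random guess
            if guess == code:
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    for k in (10, 10_000, 10**6, 3 * 10**6):
        print(f"{k:>9} attempts: fixed={p_fixed_sequential(k):.6f} "
              f"rotating={p_rotating_random(k):.6f}")
    print("attempt budget for <=1% risk:", max_attempts_for_risk(0.01))
    print("simulated (space=100, 100 attempts):",
          simulate_rotating(100, 100, 10_000))
```

For small attempt counts the two columns are nearly identical, which is why a per-code or per-account attempt limit bounds the risk in both cases while rotation alone does not.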



