vdfs 9 days ago
Why would doing this to 125K accounts give them access to one account per day? The chances of guessing a 6-digit PIN code for each account are the same (10^6) regardless of how many accounts you are attacking.
MiddleEndian 9 days ago
It's never truly guaranteed and the numbers aren't quite one account per day at 125k accounts, but:

10^6 digits = 1,000,000 possibilities
125,000 accounts x 4 attempts per account per day = 500,000 attempts per day

---

1-(1-1/1,000,000)^500,000 ≈ 39%

So every day they have a roughly 39% chance of success at 125,000 accounts.

---

At a million accounts:

1-(1-1/1,000,000)^(4×1,000,000) ≈ 98%

Pretty close to 1 account per day.
Off by a factor of 4 but the concept stands.

---

And 125k accounts will be close to guaranteed to get you one each week:

1-(1-1/1,000,000)^(7×4×125,000) ≈ 97%
toast0 9 days ago
What are the chances of getting 500,000 guesses (4 each for 125,000 accounts) wrong? My math says 60%, so probably not one account per day, but if they keep it up for a week and everything else holds, there's only a 3% chance they haven't gotten any codes right.
anonymars 9 days ago
Guess the same code for every account. Imagine the extreme case, where they pinged one million accounts and then tried the same code (123456) for each one. Statistically, 1 of those 1,000,000 six-digit TOTP codes will probably be 123456.
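
The arithmetic from the replies above, as an added example that is not part of any commenter's post. It uses the thread's model (every guess is an independent 1-in-10^6 trial) and also inverts the formula to show how many failed guesses across all accounts fit inside a chosen risk budget, which is the number a per-account rate limit alone does not bound. Function names and the 1% budget are illustrative assumptions.

```python
import math

CODE_SPACE = 10**6  # six-digit code, as in the thread


def p_any_hit(accounts, attempts_per_day, days=1, code_space=CODE_SPACE):
    """Probability that at least one guess is correct, treating every guess
    as an independent 1/code_space trial (the thread's model)."""
    guesses = accounts * attempts_per_day * days
    # log1p/expm1 keep precision because 1/code_space is tiny
    return -math.expm1(guesses * math.log1p(-1.0 / code_space))


def expected_hits(accounts, attempts_per_day, days=1, code_space=CODE_SPACE):
    """Mean number of correct guesses over the period."""
    return accounts * attempts_per_day * days / code_space


def days_until(target, accounts, attempts_per_day, code_space=CODE_SPACE):
    """Smallest whole number of days after which p_any_hit >= target."""
    per_day = accounts * attempts_per_day * math.log1p(-1.0 / code_space)
    return math.ceil(math.log1p(-target) / per_day)


def max_total_guesses(risk_budget, code_space=CODE_SPACE):
    """Defender view: the largest number of code attempts, summed over ALL
    accounts, that keeps the chance of any correct guess <= risk_budget."""
    return math.floor(math.log1p(-risk_budget) / math.log1p(-1.0 / code_space))


if __name__ == "__main__":
    # The three scenarios worked out in the thread
    print(f"125k accounts, 1 day : {p_any_hit(125_000, 4):.1%}")
    print(f"1M accounts, 1 day   : {p_any_hit(1_000_000, 4):.1%}")
    print(f"125k accounts, 7 days: {p_any_hit(125_000, 4, days=7):.1%}")
    print(f"expected hits/day at 125k: {expected_hits(125_000, 4)}")
    print(f"days to 95% at 125k: {days_until(0.95, 125_000, 4)}")
    # Illustrative 1% budget: the ceiling is global, not per account
    print(f"total guesses within 1% risk: {max_total_guesses(0.01)}")
```

The last figure is a ceiling on failed attempts summed over the whole user base, so it is the quantity to alert on when each account individually stays under its own limit.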