India e-Aadhar password can be hacked in 2secs? Hacker claimed

Aadhar Trouble

Once again security of aadhar card came into doubt after a hacker named Somdev Sangwan claimed that he can break e-Aadhaar password in 2 ringtone seconds. He calculated a brilliant maths and go for try and failed method to crack password. In technology term it called 'brute forced'. He also mentioned  

Every eAadhar letter is locked with a password which is a fixed string of following schema: first_four_letters_of_name_in_uppercase + year_of_birth

Basically there are 4 uppercase alphabets & 4 digits involved. So how many combinations can be generated from 4 uppercase alphabets and 4 digits? The answer is 2821109907456 and it would take 90 years to crack the password if we try 1000 combinations per second. Ain’t nobody got time for that! 

Nobody have search time to break a password. Sohi reduce the time to 53 days by breaking the password in 2 strings, then he reduced the time to 12 hours by removing the invalid year of birth. Like who born before 1910, basically have no Aadhar Card. Then he added Indian names dictionary to narrow those password combination, which effectively reduced is time to 2 minute 40 second.  Hacker's blog post link

 He also explain that names can be filters as based on religion and popularity, if he is accurate then e-Aadhar password can be break within 2 seconds only. Few months ago Elliot Alderson, a French researcher showed a video how to bypass Aadhar's Android app in a minute. 

 My opinion is to use blockchain technology to store aadhaar data safely.What you think about the security of our private information and data which are linked with Aadhar card, let me know in comment below

Image courtesy- newstracklive.com