To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 6425
    Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Dan Boger
   (...) true, but can't you limit the number of attempts to, say, 5 in 30 minutes... that will make brute force attacks impractical... :) Dan (25 years ago, 23-Apr-00, to lugnet.admin.general)
   
        Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Todd Lehman
   (...) How without opening an equally dangerous door? --Todd (25 years ago, 23-Apr-00, to lugnet.admin.general)
   
        Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Dan Boger
   (...) Well, for a brute force attack to be successful, they have to try 100,000s of passwords... if you limit them to 5 tried every 30 minutes, it's pretty certain that they won't stumble upon the correct password before the password owner dies... (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
   
        Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Larry Pieniazek
   (...) Denial of service. I could write a bot that wakes up every 4 minutes and tries 6 random passwords for your account (and theoretically every one else's too) thus denying you (or theoretically anyone) the ability to get on as a member, because (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
 

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR