Editing Talk:936: Password Strength
''Fix the software first.'' If you double the time it takes to enter each repeated password attempt you make brute force attacks pointless. Imagine you allowed a hurried user who screws up their own password entry w/ frozen fingers. If their system starts out with a 1 second delay, then doubles to two, then to four, etc. the time it takes to wait is 2^n. Six screw ups cost you a minute, twenty errors and you are waiting 291 hours before your next log-in attempt.... kmc 2015-05-10
: That's not how brute force attacks work. They steal the hashes of the passwords and then brute force them locally. [[Special:Contributions/198.41.235.107|198.41.235.107]] 23:43, 10 January 2016 (UTC)
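
Both comments above, as an added example that is not part of either post: a per-account doubling delay as the first comment describes it, and a comparison against a copied password hash that never consults that delay, as the reply points out. The class and function names, the account name and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac

class LoginThrottle:
    """Per-account delay that doubles after each consecutive failure (1 s, 2 s, 4 s, ...)."""

    def __init__(self, base_delay=1.0):
        self.base_delay = base_delay
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> earliest time the next attempt is accepted

    def attempt(self, account, password_ok, now):
        """Record an attempt made at time `now` (seconds); return 'ok', 'fail' or 'throttled'."""
        if now < self.locked_until.get(account, 0.0):
            return "throttled"  # refused before the password is even checked
        if password_ok:
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        n = self.failures.get(account, 0)
        self.failures[account] = n + 1
        self.locked_until[account] = now + self.base_delay * 2 ** n
        return "fail"

def total_wait(failures, base_delay=1.0):
    """Seconds of enforced waiting accumulated over `failures` consecutive bad attempts."""
    throttle, now = LoginThrottle(base_delay), 0.0
    for _ in range(failures):
        throttle.attempt("alice", False, now)  # "alice" is a constructed account name
        now = throttle.locked_until["alice"]   # retry the instant the delay expires
    return now

def hash_password(password, salt, iterations):
    """Salted PBKDF2-HMAC-SHA256; the parameters are assumptions for this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def guesses_until_match(stored, salt, iterations, candidates):
    """Compare candidates against a copy of the stored hash. No LoginThrottle is
    consulted, so the only cost per guess is the hash function's iteration count."""
    for tried, guess in enumerate(candidates, 1):
        if hmac.compare_digest(hash_password(guess, salt, iterations), stored):
            return tried
    return None
```

`total_wait(6)` is 63 seconds and `total_wait(20)` is 2^20 - 1 seconds, about 291 hours, which matches the first comment's figures as cumulative waits.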