web-security methods, advice please!

Sy Ali sy1234-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jan 2 18:45:08 UTC 2007


On 1/2/07, Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> wrote:
> The idea, as I understood it, was to force a brute-force attack to try
> X-number of hashes per password, slowing down a brute-force attack to
> about 1 password/second. It may be overkill though, especially because of
> the server-side CPU resources required...

I'm confused.. why not implement this idea server-side.. to
automatically delay multiple password attempts?

Or better yet.. five password failures locks an IP out for x hours and
logs the event.

Perhaps these ideas would help against the brute force worries.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
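
Added example, not part of the original post: a minimal Python sketch of the "five password failures locks an IP out for x hours and logs the event" idea from the reply above. The class name, the 10-minute counting window, the 1-hour lockout and the sample events are assumptions made for illustration.

```python
import logging
from collections import defaultdict, deque

log = logging.getLogger("auth.lockout")

class IPLockout:
    """Lock an IP out after max_failures failed logins inside `window` seconds."""
    def __init__(self, max_failures=5, window=600, lockout=3600):
        self.max_failures = max_failures    # "five password failures" from the post
        self.window = window                # assumed: seconds over which failures count
        self.lockout = lockout              # assumed value for the post's "x hours"
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]       # lockout has expired
            until = None
        return until is not None

    def record_failure(self, ip, now):
        """Count one failed login; return True if this failure triggers a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:   # drop failures older than the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return False
        self.locked_until[ip] = now + self.lockout
        del self.failures[ip]
        log.warning("lockout ip=%s failures=%d until=%s", ip, self.max_failures, now + self.lockout)
        return True

    def record_success(self, ip):
        self.failures.pop(ip, None)         # a good login clears the failure count

def replay(events, guard):
    """Apply (time, ip, password_ok) attempts in order; return one decision each."""
    decisions = []
    for now, ip, ok in events:
        if guard.is_locked(ip, now):
            decisions.append("rejected")    # password is not even checked while locked
        elif ok:
            guard.record_success(ip)
            decisions.append("ok")
        else:
            decisions.append("locked" if guard.record_failure(ip, now) else "failed")
    return decisions

# Constructed sample: five failures from one documentation-range address, then a retry.
SAMPLE = [(t, "203.0.113.7", False) for t in range(5)] + [(10, "203.0.113.7", True)]
```

Counting per IP means users who share one address are locked out together, and attempts spread across many addresses are not seen by this counter.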