Steve Holdoway wrote:
> Douglas Royds wrote:
>> If the log-in mechanism allowed one log-in attempt per second, it
>> would take almost 4 years to cover them. You might get lucky and crack
>> it in a few months. But only if the log-in allowed one attempt per
>> second indefinitely. So this is where Microsoft - and the open source
>> community - can prevent brute-force attack - simply limit the rate at
>> which attempts can be made.
>
> And if I'm attacking in parallel - is that still 1/sec? The login
> routine includes an exponential increase in delay time for each
> incorrect password, so it's pointless to try more than once.

Which log-in routine, sorry?

> And do I need to wait until it's complete until I try again? If I'm
> using all my (brute) force to get in, I will be doing both.

Both which?

> (Does this footer have any legal standing?)

Enough about the footer, thanks.
Douglas.
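
The two points raised in this exchange, parallel attempts and an exponentially growing delay, can be seen together in a small sketch. This is an added example, not code from the thread or from any log-in routine it mentions; `LoginThrottle`, `verify`, `guesses_checked`, the account name and the 1-second base and 1-hour cap are all assumptions made for the illustration.

```python
import hmac
import threading

class LoginThrottle:
    """Exponential back-off keyed on the account name, not the connection,
    so parallel sessions against one account share a single budget."""

    def __init__(self, base_delay=1.0, max_delay=3600.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}               # account -> (failures, locked_until)
        self._lock = threading.Lock()  # serialise decisions across threads

    def attempt(self, account, password, verify, now):
        with self._lock:
            failures, locked_until = self._state.get(account, (0, 0.0))
            if now < locked_until:
                return "throttled"     # rejected without checking the password
            if verify(account, password):
                self._state.pop(account, None)   # success clears the counter
                return "ok"
            failures += 1
            # Delay doubles with each consecutive failure, up to the cap.
            delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
            self._state[account] = (failures, now + delay)
            return "denied"

SECRET = "constructed-sample-password"  # constructed for this example

def verify(account, password):
    return hmac.compare_digest(password.encode(), SECRET.encode())

def guesses_checked(sessions, seconds):
    """Each of `sessions` parallel clients sends one wrong guess per second
    for `seconds` seconds; return how many guesses the password check saw."""
    throttle = LoginThrottle()
    checked = 0
    for tick in range(seconds):
        for s in range(sessions):
            result = throttle.attempt("alice", f"guess-{tick}-{s}", verify, float(tick))
            if result != "throttled":
                checked += 1
    return checked

if __name__ == "__main__":
    for n in (1, 10, 100):
        print(n, "parallel sessions ->", guesses_checked(n, 3600), "guesses checked in an hour")
```

Because the counter is per account, the legitimate user is delayed as well while wrong guesses are arriving for that account.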