Well, everyone is in big discussion about this, so i figure i'll toss in
my worthless 2 cents.
Say your users have a password of like 8 characters, Brutus (used
for brute forcing) will tell someone trying to gain access that they'll
have better luck asking the person.
So the only real threat
I like this idea of longer sleeps for each fail in theory,
but it becomes moot if you only allow 3 failed attempts.
> -Original Message-
> From: Tim Van Wassenhove [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 20, 2004 3:37 PM
> To: [EMAIL PROTECTED]
> Subject: Re
> Uhmmm.. how effective is a brute force attack where you can
> only try one
> combination per second? It's going to take you a while to get through
> that dictionary.
How determined are you ;-)
Our product has a brute force attacker in it, and for some protocols, we
have to wait a few seconds
Tim Van Wassenhove wrote:
In article <[EMAIL PROTECTED]>, John W. Holmes wrote:
Daevid Vincent wrote:
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)
Uhmmm.. how effective is a brute force attack where you can only try one
combination per second?
On Wednesday 21 July 2004 05:00, Pablo M. Rivas wrote:
>sleep() is the brute deffense of the brute force attack...
>You can make a script that opens simultaneous attacks
One thing to bear in mind is that sleep() will hog resources and can lead to
DOS.
--
Jason Wong -> Gremlins Associat
In article <[EMAIL PROTECTED]>, John W. Holmes wrote:
> Daevid Vincent wrote:
>
>> Similarly, I could adjust my brute force attack to sleep() a pre-determined
>> amount of time too ;-)
>
> Uhmmm.. how effective is a brute force attack where you can only try one
> combination per second? It's goi
Hello John,
sleep() is the brute deffense of the brute force attack...
You can make a script that opens simultaneous attacks
JWH> I'm not saying using sleep is "the solution" to security problems, but
JWH> it can be one layer of your defense.
--
Best regards,
Pablo
--
PHP Database Mai
ot;'..: GamCo :..'" <[EMAIL PROTECTED]>; "'John W. Holmes'"
<[EMAIL PROTECTED]>
Sent: Tuesday, July 20, 2004 9:47 PM
Subject: RE: [PHP-DB] Wait Statement... ?
> Similarly, I could adjust my brute force attack to sleep() a
pre-determined
> am
Daevid Vincent wrote:
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)
Uhmmm.. how effective is a brute force attack where you can only try one
combination per second? It's going to take you a while to get through
that dictionary.
The whole 'slee
--Original Message-
> From: John W. Holmes [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 20, 2004 7:10 AM
> To: ..: GamCo :..
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] Wait Statement... ?
>
> ..: GamCo :.. wrote:
> > ok, i added the sleep() function in my page. wh
..: GamCo :.. wrote:
ok, i added the sleep() function in my page. what i'm basically doing is :-
i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the username and password as session variables. t
On Tuesday 20 July 2004 16:56, ..: GamCo :.. wrote:
> ok, i added the sleep() function in my page. what i'm basically doing is :-
>
> i have a .php page where people log-in from. from there i send the form to
> another .php page that actually checks the login and registers a session
> with the use
hhhmmm...
ok, i added the sleep() function in my page. what i'm basically doing is :-
i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the username and password as session variables. then on th
sleep( nb of seconds ) ;
_
- Original Message -
From: "..: GamCo :.." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 20, 2004 9:44 AM
Subject: [PHP-DB] Wait Statement... ?
> Hi all,
>
> I would like to add
Hi all,
I would like to add a line of code in PHP that will execute a wait before
executing the next set of code. How do i do that ?
Regards,
GM
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
15 matches
Mail list logo