Uhmmm.. how effective is a brute force attack where you can
only try one
combination per second? It's going to take you a while to get through
that dictionary.
How determined are you ;-)
Our product has a brute force attacker in it, and for some protocols, we
have to wait a few seconds
I like this idea of longer sleeps for each fail in theory,
but it becomes moot if you only allow 3 failed attempts.
-Original Message-
From: Tim Van Wassenhove [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 3:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Wait Statement
Well, everyone is in big discussion about this, so i figure i'll toss in
my worthless 2 cents.
Say your users have a password of like 8 characters, Brutus (used
for brute forcing) will tell someone trying to gain access that they'll
have better luck asking the person.
So the only real threat
sleep( nb of seconds ) ;
_
- Original Message -
From: ..: GamCo :.. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 9:44 AM
Subject: [PHP-DB] Wait Statement... ?
Hi all,
I would like to add a line of code in PHP that will execute a wait
hhhmmm...
ok, i added the sleep() function in my page. what i'm basically doing is :-
i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the username and password as session variables. then on
On Tuesday 20 July 2004 16:56, ..: GamCo :.. wrote:
ok, i added the sleep() function in my page. what i'm basically doing is :-
i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the
..: GamCo :.. wrote:
ok, i added the sleep() function in my page. what i'm basically doing is :-
i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the username and password as session variables.
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 7:10 AM
To: ..: GamCo :..
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Wait Statement... ?
..: GamCo :.. wrote:
ok, i added the sleep() function in my page. what i'm
basically doing is :-
i have a .php page where people log
Daevid Vincent wrote:
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)
Uhmmm.. how effective is a brute force attack where you can only try one
combination per second? It's going to take you a while to get through
that dictionary.
The whole
PROTECTED]; 'John W. Holmes'
[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 9:47 PM
Subject: RE: [PHP-DB] Wait Statement... ?
Similarly, I could adjust my brute force attack to sleep() a
pre-determined
amount of time too ;-)
The whole 'sleep()' idea just seems silly. I agree with Jason. Just
validate
In article [EMAIL PROTECTED], John W. Holmes wrote:
Daevid Vincent wrote:
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)
Uhmmm.. how effective is a brute force attack where you can only try one
combination per second? It's going to take
Tim Van Wassenhove wrote:
In article [EMAIL PROTECTED], John W. Holmes wrote:
Daevid Vincent wrote:
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)
Uhmmm.. how effective is a brute force attack where you can only try one
combination per second?
12 matches
Mail list logo
