On Wed, Oct 26, 2011 at 7:59 AM, Andre Engels <[email protected]> wrote: > I do seriously wonder whether it is possible to steal such a password > 'within minutes or hours'. My calculation says that to do it within 24 > hours, one needs to test 40 million passwords per second. And remember that > 'testing' in this case means sending a message to the Wikimedia servers and > waiting for an answer. Surely getting over 1000 times the normal number of > requests per second (I have no number for the total number of requests, but > the number of page requests seems to be around 6000 per second) is something > that would not remain unnoticed at the Wikimedia servers for 24 hours.
Ignoring the fact that most wiki's are throttled to 5 login attempts in 5 minutes per IP. So you can really only check 60 an hour or 1440 a day per IP. So with 114 Billion/hr rate needed and limited to 60/hr you'd need about 2.4 Billion IP addresses. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
