anders@rytter.me to Memes@lemmy.ml · 9 months agoBrute force protectionrytter.meimagemessage-square109fedilinkarrow-up11.05Karrow-down134file-text
arrow-up11.01Karrow-down1imageBrute force protectionrytter.meanders@rytter.me to Memes@lemmy.ml · 9 months agomessage-square109fedilinkfile-text
minus-squareTrailblazing Braille Taser@lemmy.dbzer0.comlinkfedilinkarrow-up1·9 months agoHow does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
minus-squarechraebsli@programming.devlinkfedilinkarrow-up3·9 months agoYou can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks. Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.
How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
You can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks.
Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.