phpass HAVE BEEN CRACKED! What is the solution?
[eluser]Dregond Rahl[/eluser]
[quote author="bargainph" date="1245233983"]Dregond, see lmgtfy and post #11[/quote] Hahaha, I've googled it before and I read the post too XD. But I mean, even if we use fancy hashing methods or lockout methods, the problem is that if you do get attacked it still means a lot of database queries, which will slow down the system, and if you lock out users and it's a heavy attack, it could cause a lot of locked accounts very often. So that's what I meant by if there was a way to test the system implemented, for example the method where a cookie is set and if it reaches 5 attempts it will lock the user with the cookie from being able to see the login page for 5 mins. If a brute force attack was done, would it even store cookies? And if it doesn't, would saving the attempts in a DB be more effective? I don't think so though, because that would just lock out the user, not the hacker in specific or bot.
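
An added example, not part of the original post or of any poster's code: it compares the cookie counter described above with a server-side counter keyed by account plus source IP, using the post's limits of 5 attempts and 5 minutes. The function and class names, the in-memory array standing in for a database table, and the sample user, addresses and timestamp are all assumptions made for illustration (PHP 7.4+).

```php
<?php
// Added example: hypothetical names; the array below stands in for a DB table.
const MAX_ATTEMPTS = 5;    // limit taken from the post
const WINDOW_SECS  = 300;  // 5 minutes, taken from the post

// Cookie-based counter: trusts a value the client chooses to send back.
function cookieAllows(array $cookies): bool
{
    return (int)($cookies['attempts'] ?? 0) < MAX_ATTEMPTS;
}

// Server-side counter keyed by account + source IP, so state lives on the
// server and a throttled source does not lock the account for everyone.
final class ServerThrottle
{
    private array $failures = []; // "user|ip" => list of failure timestamps

    private function recent(string $key, int $now): array
    {
        // Keep only failures that fall inside the sliding window.
        return array_values(array_filter(
            $this->failures[$key] ?? [],
            fn (int $t): bool => $t > $now - WINDOW_SECS
        ));
    }

    public function allows(string $user, string $ip, int $now): bool
    {
        return count($this->recent("$user|$ip", $now)) < MAX_ATTEMPTS;
    }

    public function recordFailure(string $user, string $ip, int $now): void
    {
        $key = "$user|$ip";
        $this->failures[$key] = $this->recent($key, $now); // prune old rows
        $this->failures[$key][] = $now;
    }
}

// Constructed scenario: a client that never stores cookies fails 8 logins.
$throttle = new ServerThrottle();
$now = 1700000000; // constructed timestamp
$cookieBlocked = 0;
$serverBlocked = 0;
for ($i = 0; $i < 8; $i++, $now++) {
    if (!cookieAllows([])) { $cookieBlocked++; } // cookie jar is always empty
    if (!$throttle->allows('alice', '203.0.113.7', $now)) { $serverBlocked++; continue; }
    $throttle->recordFailure('alice', '203.0.113.7', $now);
}
printf("cookie counter blocked %d, server counter blocked %d\n", $cookieBlocked, $serverBlocked);
var_dump($throttle->allows('alice', '198.51.100.20', $now)); // account owner, different IP
```

Keying on account plus IP does not limit guesses spread across many addresses, so a deployment would pair it with a per-account or global rate limit.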