[OWASP_PHPSEC] Dictionary Attack ?
rahul300chaudhary400 at gmail.com
Sun Jun 2 01:08:44 UTC 2013
Hi .. :)
Passwords are salted and hashed, recovery of password is impossible.
As for brute force, this functionality will be built in "advanced pass mgt."
On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> account locks are necessary as a way to mitigate the use of brute force
> for logins
> in which scenario will this be used, for example
> an evil db admin who tries to decrypt passwords or brute force attacks on
> login attempt?
> On 31 mei 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com>
> > Hi... I am still searching for this, but I thought it would be faster if
> I ask it here.
> > Do you know any way to stop dictionary attacks? We can keep a list of
> dictionary words and see if user-supplied password matches any of them. But
> other than this, do you suggest anything?
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
Ph - 412-519-9634
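The dictionary check proposed in the thread, sketched as an added example that is not part of the original messages or the project's code. The function name and the small wordlist are hypothetical; it goes slightly beyond an exact match by also catching dictionary words disguised with case changes, common character substitutions, or digits and symbols added at either end.

```php
<?php
declare(strict_types=1);

// Constructed sample list; a real deployment would load a large wordlist.
const SAMPLE_WORDLIST = ['password', 'dragon', 'monkey', 'letmein', 'sunshine'];

/**
 * True if $password is a dictionary word, or a dictionary word disguised by
 * case changes, common character substitutions, or digits/symbols added at
 * either end. (Hypothetical helper, not an OWASP PHPSEC API.)
 */
function is_dictionary_password(string $password, array $wordlist): bool
{
    $index = array_flip($wordlist);   // word => position, for isset() lookups
    $lower = strtolower($password);

    // Drop digits and punctuation at either end: "Dragon2013!" -> "dragon".
    $trimmed = preg_replace('/^[\d\W_]+|[\d\W_]+$/', '', $lower) ?? $lower;

    // Undo common substitutions: "p@ssw0rd" -> "password".
    $from = ['0', '1', '3', '4', '5', '7', '@', '$', '!'];
    $to   = ['o', 'l', 'e', 'a', 's', 't', 'a', 's', 'i'];

    $candidates = [
        $lower,
        $trimmed,
        str_replace($from, $to, $lower),
        str_replace($from, $to, $trimmed),
    ];
    foreach ($candidates as $candidate) {
        if ($candidate !== '' && isset($index[$candidate])) {
            return true;
        }
    }
    return false;
}

// Constructed inputs.
foreach (['password', 'Dragon2013!', 'p@ssw0rd', 'sunshin3', 'vTq8#rLm2zKe'] as $pw) {
    $verdict = is_dictionary_password($pw, SAMPLE_WORDLIST) ? 'reject' : 'accept';
    printf("%-14s %s\n", $pw, $verdict);
}
```

This check runs when a password is set or changed; the account locks discussed in the thread address the separate case of repeated guesses against the login form.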