[OWASP_PHPSEC] Dictionary Attack ?

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jun 2 01:08:44 UTC 2013


Hi .. :)

Passwords are salted and hashed; recovery of the password is impossible.
As for brute force, this functionality will be built in "advanced pass mgt."



On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:

> account locks are necessary as a way to mitigate the use of brute force
> for logins
>
> in which scenario will this be used, for example
>
> an evil db admin who tries to decrypt passwords or brute force attacks on
> login attempt?
>
> regards
>
> Johanna
>
>
>
>
> On 31 May 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
>
> > Hi... I am still searching for this, but I thought it would be faster if
> > I ask it here.
> >
> > Do you know any way to stop dictionary attacks? We can keep a list of
> > dictionary words and see if the user-supplied password matches any of them. But
> > other than this, do you suggest anything?
> >
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
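
The two mitigations discussed in this thread (rejecting dictionary passwords when they are chosen, and locking an account after repeated failed logins) can be sketched as follows. This is an added example, not code from the thread or from the OWASP PHP Security Project; the function and class names, the sample wordlist and the thresholds are all assumptions, and it requires PHP 8.

```php
<?php
declare(strict_types=1);

// Constructed sample wordlist; a real deployment would load a large list of common passwords.
const SAMPLE_WORDLIST = ['password', 'letmein', 'dragon', 'qwerty', 'monkey'];

// Heuristic: reduce a candidate to its base word by lowercasing, stripping leading and
// trailing non-letters, then undoing common character substitutions.
function normalize_candidate(string $password): string
{
    $base = (string) preg_replace('/^[^a-z]+|[^a-z]+$/', '', strtolower($password));
    return strtr($base, '@4013$57', 'aaolesst');
}

// True when the password, or its normalized base word, appears in the wordlist.
function is_dictionary_password(string $password, array $wordlist = SAMPLE_WORDLIST): bool
{
    return in_array(strtolower($password), $wordlist, true)
        || in_array(normalize_candidate($password), $wordlist, true);
}

// Per-account failure counter with a temporary lock. State is kept in memory here;
// the clock is passed in explicitly so the behaviour is easy to test.
final class LoginThrottle
{
    private array $failures = []; // username => [failure count, time of last failure]
    public function __construct(private int $maxFailures = 5, private int $lockSeconds = 900) {}

    public function isLocked(string $user, int $now): bool
    {
        [$count, $last] = $this->failures[$user] ?? [0, 0];
        return $count >= $this->maxFailures && ($now - $last) < $this->lockSeconds;
    }
    public function recordFailure(string $user, int $now): void
    {
        [$count, $last] = $this->failures[$user] ?? [0, 0];
        if (($now - $last) >= $this->lockSeconds) { $count = 0; } // old failures expire
        $this->failures[$user] = [$count + 1, $now];
    }
    public function recordSuccess(string $user): void { unset($this->failures[$user]); }
}

// Constructed demonstration: three failures for "alice", then lock checks at two times.
$throttle = new LoginThrottle(3, 60);
foreach ([100, 101, 102] as $t) { $throttle->recordFailure('alice', $t); }
foreach (['P@ssw0rd123!', 'Dragon!', 'correct horse battery staple'] as $pw) {
    printf("%-30s rejected=%s\n", $pw, is_dictionary_password($pw) ? 'yes' : 'no');
}
printf("locked at t=110: %s, at t=200: %s\n",
    var_export($throttle->isLocked('alice', 110), true), var_export($throttle->isLocked('alice', 200), true));
```

The login handler would call `isLocked()` before verifying the password and refuse the attempt while it returns true; the failure counts would need to live in a shared store such as the database rather than in a PHP array.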