[OWASP_PHPSEC] Dictionary Attack ?
abiusx at owasp.org
Sun Jun 2 06:19:01 UTC 2013
I believe account locking should be implemented in advanced authentication, i.e., when developers need advanced authentication mechanisms, and not be forced.
On Khordad 12, 1392, at 5:38 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> Hi .. :)
> Passwords are salted and hashed, recovery of password is impossible.
> As for brute force, this functionality will be built in "advanced pass mgt."
> On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> Account locks are necessary as a way to mitigate the use of brute force for logins.
> In which scenario will this be used, for example
> an evil db admin who tries to decrypt passwords or brute force attacks on login attempt?
> On 31 May 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> > Hi... I am still searching for this, but I thought it would be faster if I ask it here.
> > Do you know any way to stop dictionary attacks? We can keep a list of dictionary words and see if user-supplied password matches any of them. But other than this, do you suggest anything?
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
> > _______________________________________________
> > OWASP_PHP_Security_Project mailing list
> > OWASP_PHP_Security_Project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
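The two measures discussed in this thread, a dictionary check on the user-supplied password and a temporary account lock after repeated failed logins, as an added example that is not part of the original messages and is not the OWASP PHP Security Project's code. The names isDictionaryPassword, LoginThrottle and COMMON_PASSWORDS are hypothetical, the word list and timestamps are constructed, and an in-memory array stands in for a database table.

```php
<?php
// Added illustration (PHP 8+); all names are hypothetical, not OWASP PHPSEC code.
const COMMON_PASSWORDS = ['password', '123456', 'qwerty', 'letmein']; // constructed sample list

// True if the password, or its stem without trailing digits/symbols, is on the list.
function isDictionaryPassword(string $password): bool
{
    $lower = strtolower($password);
    $stem  = preg_replace('/[\d\W_]+$/', '', $lower); // strip trailing digits and symbols
    return in_array($lower, COMMON_PASSWORDS, true) || in_array($stem, COMMON_PASSWORDS, true);
}

// Temporary per-account lock; the array stands in for a database table.
final class LoginThrottle
{
    private array $state = []; // username => [failureCount, lockedUntil]

    public function __construct(private int $maxAttempts = 5, private int $lockSeconds = 900) {}

    // Returns 'locked', 'ok' or 'fail'. While locked, the password is not even verified.
    public function attempt(string $user, string $password, string $hash, int $now): string
    {
        [$count, $lockedUntil] = $this->state[$user] ?? [0, 0];
        if ($lockedUntil > $now) {
            return 'locked';
        }
        if (password_verify($password, $hash)) {
            unset($this->state[$user]);
            return 'ok';
        }
        $count++;
        // On reaching the limit, reset the counter and start a timed lock.
        $this->state[$user] = $count >= $this->maxAttempts
            ? [0, $now + $this->lockSeconds]
            : [$count, 0];
        return 'fail';
    }
}

// Constructed demo: three wrong guesses lock the account, a correct password is refused
// while the lock is active, and it is accepted again once the lock has expired.
$throttle = new LoginThrottle(3, 600);
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
foreach (['password', 'qwerty1', 'letmein', 'correct horse battery staple'] as $i => $guess) {
    echo $throttle->attempt('alice', $guess, $hash, 1000 + $i), "\n"; // constructed timestamps
}
echo $throttle->attempt('alice', 'correct horse battery staple', $hash, 1000 + 700), "\n";
var_dump(isDictionaryPassword('Password1!'), isDictionaryPassword('correct horse battery staple'));
```

The dictionary check belongs at registration and password change; the throttle wraps the login check, with the lock duration and attempt limit left as configuration.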