[OWASP_PHPSEC] Dictionary Attack ?

Abbas Naderi abiusx at owasp.org
Sun Jun 2 06:19:01 UTC 2013


Hi,
I believe account locking should be implemented in advanced authentication, i.e., when developers need advanced authentication mechanisms, and not be forced.
-Abbas
On Khordad 12, 1392, at 5:38 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Hi .. :)
> 
> Passwords are salted and hashed, recovery of password is impossible.
> As for brute force, this functionality will be built in "advanced pass mgt."
> 
> 
> 
> On Sat, Jun 1, 2013 at 9:04 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> Account locks are necessary as a way to mitigate the use of brute force for logins.
> 
> In which scenario will this be used? For example:
> 
> An evil DB admin who tries to decrypt passwords, or brute-force attacks on login attempts?
> 
> regards
> 
> Johanna
> 
> 
> 
> 
> On 31 mei 2013, at 23:13, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
> > Hi... I am still searching for this, but I thought it would be faster if I ask it here.
> >
> > Do you know any way to stop dictionary attacks? We can keep a list of dictionary words and see if the user-supplied password matches any of them. But other than this, do you suggest anything?
> >
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
> > _______________________________________________
> > OWASP_PHP_Security_Project mailing list
> > OWASP_PHP_Security_Project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
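
Added example, not part of the thread and not OWASP PHPSEC code: the two defences discussed above side by side, a dictionary check on the user-supplied password at registration and a time-boxed account lock on repeated login failures. The function and class names, the thresholds and the word list are assumptions made for illustration.

```php
<?php
const MAX_FAILURES = 5;      // assumed threshold: failures allowed inside the window
const WINDOW_SECONDS = 900;  // assumed window; the lock lapses as old failures age out

// Constructed sample list; a real deployment would load a large word list from a file.
$dictionary = array_flip(['password', 'letmein', 'qwerty', 'dragon', 'monkey']);

// True when the password is a dictionary word, also after stripping leading and
// trailing digits or punctuation, so "Password1!" still matches "password".
function isDictionaryPassword(string $candidate, array $dictionary): bool
{
    $lower = strtolower($candidate);
    $core = preg_replace('/^[^a-z]+|[^a-z]+$/', '', $lower);
    return isset($dictionary[$lower]) || ($core !== '' && isset($dictionary[$core]));
}

// Failure timestamps per account; an in-memory stand-in for a database table.
final class LoginThrottle
{
    private array $failures = [];
    public function isLocked(string $user, int $now): bool
    {
        $recent = array_filter($this->failures[$user] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
        $this->failures[$user] = array_values($recent);
        return count($recent) >= MAX_FAILURES;
    }

    public function attempt(string $user, string $password, string $storedHash, int $now): bool
    {
        if ($this->isLocked($user, $now)) {
            return false; // refuse while locked, without evaluating the password
        }
        if (password_verify($password, $storedHash)) {
            unset($this->failures[$user]);
            return true;
        }
        $this->failures[$user][] = $now;
        return false;
    }
}

// Demo with constructed data: five wrong guesses, then the correct password twice.
var_dump(isDictionaryPassword('Password1!', $dictionary)); // registration-time check
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT); // salted hash
$throttle = new LoginThrottle();
foreach (array_keys($dictionary) as $i => $guess) {
    $throttle->attempt('alice', $guess, $hash, 1000 + $i);
}
var_dump($throttle->attempt('alice', 'correct horse battery staple', $hash, 1010));
var_dump($throttle->attempt('alice', 'correct horse battery staple', $hash, 1000 + WINDOW_SECONDS + 10));
```

A lock keyed on the account name also lets anyone who knows a username lock its owner out, which is one reason to keep the thresholds configurable rather than fixed.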
