[OWASP_PHPSEC] isBruteForce ?

Shivam Dixit shivamd001 at gmail.com
Mon Sep 2 07:12:57 UTC 2013


In the advance password library, brute force has two definitions, one of
which is defined as:

public static $bruteForceLockTimePeriod = 5; //5 SEC  - This defines the
time-period after which next login attempt must be carried out. E.g if the
time is 5 sec, then *time-period between two login attempts must minimum be
5 sec*, otherwise *it will be considered brute-force attack*.

According to the above description, brute force must be considered if the
time-period between two login attempts is less than 5 secs *irrespective of
the total number of attempts*.
But in the *function definition*, brute force is considered only when the last
login attempt is less than *bruteForceLockTimePeriod as well as* total
login attempts have exceeded *bruteForceLockAttempts*. I am a bit confused:
is the description correct or the function definition?
*File Name: adv_password.php*
*Line Number : 41, 94*

-- 
*Regards,*
 *Shivam Dixit*
*2nd Year C.S.E,
LNM IIT, Jaipur.*
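
The two readings contrasted in the message above, side by side, as an added example that is not part of the original post and not code from adv_password.php. The function names are hypothetical, the timestamps are constructed, and the threshold of 3 for bruteForceLockAttempts is an assumed value, since the post does not give it.

```php
<?php
// Added illustration; not code from adv_password.php.
// $lockPeriod mirrors $bruteForceLockTimePeriod = 5 from the post.
// $lockAttempts stands in for bruteForceLockAttempts; the value 3 is assumed.

/** Reading 1 (the comment): two attempts closer than $lockPeriod are brute force. */
function isBruteForceByInterval(array $attemptTimes, int $lockPeriod): bool
{
    $n = count($attemptTimes);
    if ($n < 2) {
        return false; // a single attempt has no interval to measure
    }
    return ($attemptTimes[$n - 1] - $attemptTimes[$n - 2]) < $lockPeriod;
}

/** Reading 2 (the function, as the post describes it): short interval AND count exceeded. */
function isBruteForceByIntervalAndCount(array $attemptTimes, int $lockPeriod, int $lockAttempts): bool
{
    return isBruteForceByInterval($attemptTimes, $lockPeriod)
        && count($attemptTimes) > $lockAttempts;
}

// Constructed attempt timestamps in seconds, oldest first.
$cases = [
    'two fast attempts'        => [0, 2],
    'four fast attempts'       => [0, 1, 2, 3],
    'four attempts, last slow' => [0, 1, 2, 10],
    'five slow attempts'       => [0, 6, 12, 18, 24],
];

foreach ($cases as $label => $times) {
    printf(
        "%-26s interval-only=%-5s interval+count=%s\n",
        $label,
        var_export(isBruteForceByInterval($times, 5), true),
        var_export(isBruteForceByIntervalAndCount($times, 5, 3), true)
    );
}
```

The first case is where the two readings diverge: the comment's wording flags it, the combined check does not. Neither reading flags the last case, where every attempt is spaced wider than the lock period.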