[OWASP_PHPSEC] isBruteForce ?

Abbas Naderi abiusx at owasp.org
Mon Sep 2 12:18:52 UTC 2013

It must be wrong then. File an issue in GitHub for Rahul to deal with it.
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 2, 2013, at 3:12 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:

> In the advance password library, brute force has two definitions, out of which one is defined as:
> public static $bruteForceLockTimePeriod = 5; //5 SEC  - This defines the time-period after which next login attempt must be carried out. E.g if the time is 5 sec, then time-period between two login attempts must minimum be 5 sec, otherwise it will be considered brute-force attack.
> According to the above description, brute force must be considered if the time-period between two login attempts is less than 5 secs, irrespective of the total number of attempts.
> But in the function definition, brute force is considered only when the last login attempt is less than bruteForceLockTimePeriod as well as total login attempts have exceeded bruteForceLockAttempts. I am a bit confused, is the description correct or the function definition?
> File Name: adv_password.php
> Line Number : 41, 94
> -- 
> Regards,
> Shivam Dixit
> 2nd Year C.S.E, 
> LNM IIT, Jaipur.

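The two readings of "brute force" contrasted in the quoted message, replayed over one sequence of login attempts. This is an added example, not code from adv_password.php or from the project; the function names, the attempt counting and the value of LOCK_ATTEMPTS are assumptions (the thread only gives the 5-second period).

```php
<?php
// Added illustration; not code from adv_password.php.
const LOCK_TIME_PERIOD = 5; // seconds, as quoted in the thread
const LOCK_ATTEMPTS = 3;    // assumed value; not given in the thread

// Reading 1 (the property's comment): a gap under the period is enough.
function flaggedByGapOnly(int $gap): bool
{
    return $gap < LOCK_TIME_PERIOD;
}

// Reading 2 (the function as described): short gap AND too many attempts.
function flaggedByGapAndCount(int $gap, int $attempts): bool
{
    return $gap < LOCK_TIME_PERIOD && $attempts > LOCK_ATTEMPTS;
}

// Replays attempt timestamps (seconds) and evaluates both readings per attempt.
function compareReadings(array $timestamps): array
{
    $rows = [];
    $previous = null;
    foreach (array_values($timestamps) as $index => $now) {
        $attempts = $index + 1; // hypothetical counter: attempts seen so far
        // The first attempt has no predecessor, so neither reading can flag it.
        $gap = $previous === null ? null : $now - $previous;
        $rows[] = [
            'attempt'     => $attempts,
            'gap'         => $gap,
            'gapOnly'     => $gap !== null && flaggedByGapOnly($gap),
            'gapAndCount' => $gap !== null && flaggedByGapAndCount($gap, $attempts),
        ];
        $previous = $now;
    }
    return $rows;
}

// Constructed sample: five rapid attempts, then one after a long pause.
foreach (compareReadings([0, 1, 2, 3, 4, 20]) as $row) {
    printf(
        "attempt %d gap=%-3s gap-only=%-3s gap-and-count=%s\n",
        $row['attempt'],
        $row['gap'] ?? '-',
        $row['gapOnly'] ? 'yes' : 'no',
        $row['gapAndCount'] ? 'yes' : 'no'
    );
}
```

With these constructed timestamps the readings disagree on attempts 2 and 3: the gap-only reading flags them, while the combined reading flags nothing until the count passes the assumed threshold.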