'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Kiwi Silver badge

Re: It only makes it easier to crack...

One possible compromise would be that if the login is not successful, just delay the rejection response for a period of time, for example, 10 seconds.

So now you are open to DoS via resource depletion. What's your next plan?

How so? So user Tom38 has a 10 second or so wait before his next login attempt shows up (some pages take longer than that to load!), or IP 118.234.567.8910 takes 10 seconds before the page comes through. How's that a DoS? Only those who have typed a wrong password get the delay. I fail to see how that is a DoS?
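
An added example, not part of the thread or any poster's own code: one way to apply the 10-second delay discussed above without holding a connection open per failed attempt, by recording a per-(user, IP) "not before" time and rejecting early attempts immediately. The class and function names, the table size cap and the sample addresses are assumptions made for illustration.

```python
import time


class FailedLoginThrottle:
    """Per-(user, ip) delay after a failed login, kept as a timestamp
    rather than as a sleeping request handler."""

    def __init__(self, delay=10.0, max_entries=10000, clock=time.monotonic):
        self.delay = delay
        self.max_entries = max_entries   # hypothetical cap on table size
        self.clock = clock
        self._not_before = {}            # (user, ip) -> earliest next attempt

    def retry_after(self, user, ip):
        """Seconds the caller must still wait; 0.0 if an attempt is allowed."""
        return max(0.0, self._not_before.get((user, ip), 0.0) - self.clock())

    def record_failure(self, user, ip):
        now, key, table = self.clock(), (user, ip), self._not_before
        if key not in table and len(table) >= self.max_entries:
            # Drop expired entries first so the table cannot grow without bound.
            table = {k: t for k, t in table.items() if t > now}
            if len(table) >= self.max_entries:
                del table[min(table, key=table.get)]  # evict soonest to expire
        table[key] = now + self.delay
        self._not_before = table

    def record_success(self, user, ip):
        self._not_before.pop((user, ip), None)


def attempt_login(throttle, check_password, user, ip, password):
    """Return (status, retry_after_seconds). Never sleeps."""
    wait = throttle.retry_after(user, ip)
    if wait > 0:
        return "throttled", wait         # password is not checked at all
    if check_password(user, password):
        throttle.record_success(user, ip)
        return "ok", 0.0
    throttle.record_failure(user, ip)
    return "rejected", throttle.delay


if __name__ == "__main__":
    # Constructed sample account and documentation-range address.
    check = lambda u, p: (u, p) == ("tom38", "correct horse")
    t = FailedLoginThrottle()
    print(attempt_login(t, check, "tom38", "203.0.113.5", "wrong"))
    print(attempt_login(t, check, "tom38", "203.0.113.5", "correct horse"))
```

The server holds one dictionary entry per throttled (user, IP) pair instead of one open connection, and the entry count is bounded by `max_entries`.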
