
Hashing passwords is intentionally slow for security.

The solution to a DOS like this is to ignore all password attempts after N per M time.



That's like saying to get someone to stop punching you, just punch yourself.

DOSing yourself to stop a DOS :/


Nope, what typically happens is the account gets locked out and requires a confirmation sent to the account's email address to unlock it.


So a soft DOS then. Not much of a solution, still fully exploitable.


How so? Cutting off an IP after many failed passwords is good security anyway. Only side effect may be if someone's machine is infected and taking part in the attack they get locked out while it goes on.


He didn't say cut off an IP address.
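
An added example, not part of any comment in this thread: a sliding-window limiter for the "N attempts per M time" idea, replayed over a constructed attempt log to compare keying the limit on the account with keying it on the source address. The class, function names, addresses and the limits (5 failures per 300 seconds) are assumptions made for illustration.

```python
from collections import defaultdict, deque

class AttemptLimiter:
    """Allow at most n failed attempts per key inside a sliding window (seconds)."""
    def __init__(self, n, window):
        self.n, self.window = n, window
        self.failures = defaultdict(deque)

    def allowed(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return len(q) < self.n

    def record_failure(self, key, now):
        self.failures[key].append(now)

def simulate(key_fn, attempts, n=5, window=300):
    """Replay (time, ip, account, correct, who) tuples; return (who, outcome) pairs."""
    limiter = AttemptLimiter(n, window)
    results = []
    for t, ip, account, correct, who in attempts:
        key = key_fn(ip, account)
        if not limiter.allowed(key, t):
            results.append((who, "throttled"))  # rejected before the slow hash runs
        elif correct:
            results.append((who, "ok"))
        else:
            limiter.record_failure(key, t)
            results.append((who, "failed"))
    return results

def hashes_computed(results):
    """Every attempt that was not throttled cost one slow password hash."""
    return sum(1 for _, outcome in results if outcome != "throttled")

def by_account(ip, account):
    return account

def by_ip(ip, account):
    return ip

# Constructed sample: 20 wrong guesses from one address (documentation ranges),
# then the account owner logs in with the right password from another address.
ATTEMPTS = [(i, "203.0.113.7", "alice", False, "attacker") for i in range(20)]
ATTEMPTS.append((30, "198.51.100.4", "alice", True, "owner"))

if __name__ == "__main__":
    for name, fn in (("per-account", by_account), ("per-IP", by_ip)):
        res = simulate(fn, ATTEMPTS)
        print(name, "owner:", res[-1][1], "hashes:", hashes_computed(res))
```

Both keyings cap the expensive hashing at the first five guesses, but only the account-keyed limiter also refuses the owner's correct login while the guessing continues.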



