Timeline for Why is it still necessary to block brute-force attacks when passwords hash verification requires significant work?
Current License: CC BY-SA 4.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 12, 2018 at 8:30 | vote | accept | SamuelBF | ||
| Nov 10, 2018 at 10:33 | answer | added | mroman | timeline score: 0 | |
| S Nov 9, 2018 at 19:39 | history | suggested | JesseM | CC BY-SA 4.0 | Fixed typo and minor re-word of question |
| Nov 9, 2018 at 18:37 | comment | added | JesseM | Your first case makes significant assumptions (e.g. disallowing weak passwords, and time to attempt hashes). Rate limiting helps, but locking out is the "fail closed" approach to protect an account under attack. Yes, you could get Denial of Service, but sometimes that is the preferable choice. | |
| Nov 9, 2018 at 18:33 | review | Suggested edits | |||
| S Nov 9, 2018 at 19:39 | |||||
| Nov 9, 2018 at 13:00 | answer | added | Steffen Ullrich | timeline score: 5 | |
| Nov 9, 2018 at 12:15 | review | First posts | |||
| Nov 9, 2018 at 18:38 | |||||
| Nov 9, 2018 at 12:12 | history | asked | SamuelBF | CC BY-SA 4.0 |