Brute force protection

@memes

  • gibmiser@lemmy.world
    8 months ago

    As a non programmer, is the joke that humans will retype their password assuming that they made a typo?

    If so, sick indeed.

    • Infynis@midwest.social
      8 months ago

      The guy coding made it so, on your first attempt, even if you answer correctly, it will tell you your login failed due to incorrect username or password, to joke about how it feels like you always get it wrong on the first try

  • Pacmanlives@lemmy.world
    8 months ago

    I remember in college editing the OpenSSH source code to return a root shell prompt instead of "wrong password", just to stop brute force attacks

      • Pacmanlives@lemmy.world
        8 months ago

        Oh, all of my configs are deny root SSH login or without-password. I noticed a significant decrease in scans when returning a root prompt when I did that. This was also in the mid-2000s, so who knows how things would be in this day and age for a reduction in scans

      • Rickety Thudds@lemmy.ca
        8 months ago

        Rainbow tables and presumably newer stuff I haven’t heard of make this sort of thing weaker than it used to be

        • Clent@lemmy.world
          8 months ago

          The rainbow table would have to include every four-word combination. At around half a million words in the English dictionary, that’s not a small number.

          As another XKCD comic illustrates, it’s cheaper to use a wrench.

        • Whelks_chance@lemmy.world
          8 months ago

          How does a rainbow table help here? They’re more for decoding unsalted encrypted database tables, rather than for actually trying to log in.

        • aname@lemmy.one
          8 months ago

          Salting makes rainbow tables pretty much useless, and salting has been a standard practice for a few decades now.
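
The point made in the two replies above, as an added example that is not part of the thread or any commenter's code: a precomputed hash table only matches unsalted stored hashes, while per-account salts give two users with the same password different digests. It uses a plain lookup dictionary as a simplified stand-in for a rainbow table; the accounts, candidate list and function names are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list and two made-up accounts
# that happen to share a password.
CANDIDATES = ["letmein", "hunter2", "qwerty", "correct horse battery staple"]
USERS = {"alice": "hunter2", "bob": "hunter2"}

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # PBKDF2 with a per-user salt; iteration count kept low so the demo is fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()

def build_lookup_table(candidates):
    # Computed once, reusable against every unsalted dump.
    return {unsalted_hash(p): p for p in candidates}

def make_unsalted_db(users):
    return {name: unsalted_hash(pw) for name, pw in users.items()}

def make_salted_db(users):
    db = {}
    for name, pw in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        db[name] = (salt, salted_hash(pw, salt))
    return db

def recovered_by_table(table, stored):
    # stored maps account -> hex digest; return accounts found in the table.
    return {name: table[h] for name, h in stored.items() if h in table}

def verify_login(db, name, password):
    salt, expected = db[name]
    return hmac.compare_digest(salted_hash(password, salt), expected)

if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    print("unsalted:", recovered_by_table(table, make_unsalted_db(USERS)))
    salted = make_salted_db(USERS)
    digests = {name: digest for name, (_, digest) in salted.items()}
    print("salted:", recovered_by_table(table, digests))
    print("same password, same digest?", digests["alice"] == digests["bob"])
    print("login still works:", verify_login(salted, "alice", "hunter2"))
```

With salts in place, the precomputation would have to be repeated for every stored salt, which removes the reuse that makes such tables worthwhile.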

      • iAvicenna@lemmy.world
        8 months ago

        I suspect that if the cracking code was constructed such that it had more weight on trying combinations of common words, then this would be much easier to crack

        • OpenStars@startrek.website
          8 months ago

          I would naively think that as well - you would expand your alphabet of “symbols” to include both single letters and numbers and punctuation but also common words as well. It is still a lot of combinations to have to try though, even if less than each letter by itself.