[jdev] plaintext passwords hack
Dave Cridland
dave at cridland.net
Thu Dec 17 09:49:29 CST 2009
On Thu Dec 17 15:48:14 2009, Jonathan Dickinson wrote:
> Sorry for not conforming to the list standards, I am on my mobile.
>
> Logins taking a long time is advantageous, remember we are not a
> primitive/chatty protocol like HTTP; so burning CPU cycles during a
> login is a VERY small problem; people often forget that we are not
> in the same realm of HTTP. The advantage mentioned is that: more
> time to verify a password = less brute operations per second = more
> time for an admin to notice.

And so much easier to DOS a server without having to have an account
on it.

Really, advantageous all round.

Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
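
The trade-off argued in this exchange, as an added example that is not part of the original thread: a deliberately slow password check placed behind a per-source token bucket, so that a throttled unauthenticated peer costs a dictionary lookup rather than a KDF run. The class name, work factor, bucket parameters and source address are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed work factor; tune per deployment


class GatedVerifier:
    """Per-source token bucket in front of a deliberately slow PBKDF2 check."""

    def __init__(self, burst=3, refill_per_sec=0.2, clock=time.monotonic):
        self.burst = burst
        self.refill = refill_per_sec
        self.clock = clock
        self.buckets = {}   # source -> (tokens, last_seen)
        self.kdf_calls = 0  # how many times the expensive path actually ran

    def _take_token(self, source):
        now = self.clock()
        tokens, last = self.buckets.get(source, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.refill)
        if tokens < 1:
            self.buckets[source] = (tokens, now)
            return False
        self.buckets[source] = (tokens - 1, now)
        return True

    def verify(self, source, password, salt, stored_hash):
        # Refuse before spending CPU on the key derivation.
        if not self._take_token(source):
            return "throttled"
        self.kdf_calls += 1
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return "ok" if hmac.compare_digest(candidate, stored_hash) else "denied"


def demo():
    """Constructed scenario: one source sends 50 wrong guesses in the same instant."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, ITERATIONS)
    now = [0.0]  # fake clock so the run is deterministic
    gate = GatedVerifier(clock=lambda: now[0])
    results = [gate.verify("203.0.113.7", "guess%d" % i, salt, stored) for i in range(50)]
    now[0] += 10.0  # ten seconds later, two tokens have refilled
    legit = gate.verify("203.0.113.7", "correct horse", salt, stored)
    return results.count("denied"), results.count("throttled"), gate.kdf_calls, legit
```

A per-source bucket does not bound the aggregate load from many sources; that needs a global cap on concurrent KDF runs as well.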