MrBond
says

falls off chair

dgoodlad
says

[...] Then again, I don’t really see the brute-force issue to begin with. As long as the server implements a delay of say 1 or 0.5 second per login attempt (which is hardly noticeable for a legitimate user), that would cause as much as a 7 character password to be quite infeasible to crack. Can anyone enlighten me? Or is it a parallel request attack that makes this feasible regardless of the millions of required requests? Or would that cause an effect similar to a DDoS and backfire on the attackers?

Instead of thinking about a distributed dictionary attack against a single user trying many passwords, consider an attack against many users trying few simple passwords. Lots of people out there still use trivial passwords, which is what that kind of attack is targeting.

In the case of a distributed attack against many user accounts, it’s very difficult to track and identify malicious login attempts versus legitimate ones. A delay between login attempts doesn’t help with this style of attack either, sadly.

Dave
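
The many-accounts, few-passwords pattern described in the post above, as an added detection example that is not part of the thread or any Envato code. The event layout, thresholds and sample log entries are constructed assumptions; it contrasts a per-account or per-IP failure limit with a site-wide count of distinct accounts failing in one time window.

```python
from collections import defaultdict

def make_events():
    """Constructed sample log: (seconds, source_ip, username, success)."""
    # Distributed spray: 40 accounts, one failed guess each, one IP per guess.
    events = [(i, f"198.51.100.{i}", f"user{i}", False) for i in range(40)]
    # A legitimate user mistypes twice, then logs in.
    events += [(5, "203.0.113.7", "alice", False),
               (9, "203.0.113.7", "alice", False),
               (14, "203.0.113.7", "alice", True)]
    return sorted(events)

def per_key_lockouts(events, key_index, limit=5):
    """Classic throttle: keys (index 1 = IP, 2 = account) with >= limit failures."""
    fails = defaultdict(int)
    for ev in events:
        if not ev[3]:
            fails[ev[key_index]] += 1
    return {key for key, count in fails.items() if count >= limit}

def spray_windows(events, window=60, min_accounts=20, max_per_account=2):
    """Site-wide view: windows where many distinct accounts each fail only a few times."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, _ip, user, ok in events:
        if not ok:
            buckets[ts // window][user] += 1
    alerts = []
    for bucket, per_user in sorted(buckets.items()):
        low_volume = [u for u, n in per_user.items() if n <= max_per_account]
        if len(low_volume) >= min_accounts:
            alerts.append((bucket * window, len(low_volume)))
    return alerts

if __name__ == "__main__":
    log = make_events()
    print("accounts over per-account limit:", per_key_lockouts(log, 2))
    print("IPs over per-IP limit:", per_key_lockouts(log, 1))
    print("spray windows (start, accounts):", spray_windows(log))
```

When a window is flagged, a site-wide challenge such as the CAPTCHA discussed in this thread applies to every login attempt, so it does not depend on any single account or IP crossing a limit.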

chendo
says

@chendo while ur at it, is it hard to make the “Logout” button kill the users session on ALL marketplaces? not just the one they click logout on?

It’s on the books.

DarkstarDesigns
says

They are so hard to read it often takes four or so attempts to get it right, they don’t need to be so hard!

bitfade
says

cloud9communication
says

Now it’s great; earlier I had to zoom in my screen to read the CAPTCHA.

Joost
Moderator
says

Instead of thinking about a distributed dictionary attack against a single user trying many passwords, consider an attack against many users trying few simple passwords

If there are 10,000 current password guesses getting fired at the server, then the server has to keep those 10,000 requests open while the delay runs. It wouldn’t really achieve anything with the delay other than putting more load on the server.

Ah, those are interesting viewpoints. Didn’t look at it like that. You’re both absolutely right, and luckily using reCaptcha does indeed solve these issues effectively :) Thanks again for looking after us, devs!

tomato1
says

LOL @9GAG post..I like the changes by the way…

MSFX
Moderator
says

So I’m logged into AD and when I go to TF I’m logged out… thought this was fixed?

studio_21
says

Cool, less annoying.
