this post was submitted on 13 Mar 2024
1017 points (96.9% liked)

Memes

45751 readers
1290 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1017
Brute force protection (rytter.me)
submitted 8 months ago by anders@rytter.me to c/memes@lemmy.ml
108 comments fedilink hide all child comments
 

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[–] finkrat@lemmy.world 14 points 8 months ago* (last edited 8 months ago) (1 children)

Won't protect against an offline attack (just will confuse the hell out of the hacker) but might confound an online attack? Until someone gets wise and runs the tool a second time. Loving the chaotic neutral vibes here.

[–] zalgotext@sh.itjust.works 4 points 8 months ago (1 children)

It doesn't really even protect against online attacks though. Like, if you're going through a list of known accounts, by definition it won't be any of those accounts' first time logging in, right?

And if you're not going through a list of known accounts, good luck getting anywhere with your attack any time this millennia

[–] Tarquinn2049@lemmy.world 15 points 8 months ago (2 children)

This would be per session, not lifetime.

[–] kautau@lemmy.world 2 points 8 months ago

This makes it even more cursed

[–] zalgotext@sh.itjust.works 0 points 8 months ago

Function naming could use some work then, it's not obvious that isFirstLoginAttempt would be session-aware.

Sorry, I'll stop being pedantic now