![How secure is your password? [880x880 - 1.02MB]](https://pic8.co/sh/zHlpLg.png){kind=link}
One does not brute force everything one character after the other. First you do a dictionary attack. Then a number attack, then a lowercase letter attack. With some stepping to vary approaches as length increases.
One does not brute force everything one character after the other. First you do a dictionary attack. Then a number attack, then a lowercase letter attack. With some stepping to vary approaches as length increases.
Just add a second or so to each login attempt. This is already done by bcrypt, luks and probably most other sane systems that are also "timing attack" safe (research.kudelskisecurity.com).
Just add a second or so to each login attempt. This is already done by bcrypt, luks and probably most other sane systems that are also ["timing attack" safe](https://research.kudelskisecurity.com/2013/12/13/timing-attacks-part-1/).
This works for remote systems. Once you have local access, or the hashed database, all bets are off.
This works for remote systems. Once you have local access, or the hashed database, all bets are off.
True.
True.
first you do these series of attacks that aren't brute force
Did you even read my post?
If that were brute force
Five words in and the context is set. "brute force".
>first you do these series of attacks that aren't brute force
Did you even read my post?
>If that were brute force
Five words in and the context is set. "brute force".
(post is archived)