23 January 2008

Slow login system (ASP.Net)

A slower login system is much harder to break into with a brute force attack than a fast one.

If your login system takes 0.1 seconds to say whether the credentials were correct, a hacker could try 36,000 username and password combinations per hour per HTTP connection. If your login system took 5 seconds to return a response, only 720 combinations could be tried per hour per HTTP connection.

In ASP.Net, the following function will make your script pause for 5 seconds...

Threading.Thread.Sleep(5000)

If you're not happy with slowing down your login system for legitimate users, you could modify your script to only pause if the password was incorrect. Just don't tell anyone that's what you're doing!
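As an added example (not code from the original post), the same 5-second pause applied in a C# Web Forms code-behind, padded to a fixed total response time so a correct password is not answered noticeably faster than a wrong one. The control names UserName, Password and ErrorLabel are assumed to be declared in the page's .aspx markup.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a Web Forms login page. Assumes the .aspx markup declares
// two TextBox controls, UserName and Password, a Label named ErrorLabel,
// and a Button whose Click event is wired to LoginButton_Click.
public partial class Login : Page
{
    // Every attempt, right or wrong, takes at least this long to answer.
    private static readonly TimeSpan MinimumResponseTime = TimeSpan.FromSeconds(5);

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        Stopwatch timer = Stopwatch.StartNew();

        // Membership.ValidateUser is the built-in ASP.NET membership check.
        bool valid = Membership.ValidateUser(UserName.Text, Password.Text);

        // Sleep only for whatever is left of the minimum, so the total
        // response time is the same whether or not the password matched.
        TimeSpan remaining = MinimumResponseTime - timer.Elapsed;
        if (remaining > TimeSpan.Zero)
        {
            Thread.Sleep(remaining);
        }

        if (valid)
        {
            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
        }
        else
        {
            ErrorLabel.Text = "Invalid username or password.";
        }
    }
}
```

Thread.Sleep holds an ASP.NET worker thread for the whole pause, so the thread pool must be sized for the number of concurrent login attempts the site expects.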
