I'm pretty new at Ruby, Rails, and Authlogic, but I've got Authlogic installed, logging in and out is fine, but I went to set up Authlogic's brute force protection feature and it won't work...
Here's my app/models/user_session.rb:
class UserSession < Authlogic::Session::Base
consecutive_failed_logins_limit 3
failed_login_ban_for ...
Bear with me, I have only been learning PHP for a few weeks, so example code may confuse me. I think I finally understand salting! It's to protect passwords inside the database, if breached.
What I don't understand is, why would a hacker have to crack hashes if they are trying to figure out a user's password (assuming that's their goal...
An implementation of a brute-force algorithm to solve Sudoku puzzles fails if a cell is discovered in which placing any of the digits 1-9 would be an illegal move.
The implementation is written in C, with the board represented by a 9x9 array. The solver counts down from 9 until a legal number's reached, and if none can be reached, it ou...
I just read an article saying that passwords with 7 characters are no longer safe. However, if the server increases the time to retry a login attempt after each login attempt, then brute force attacks are useless. How do you create such logic in ASP.NET? Somehow I guess the server side code needs to remember the IP address that tried to ...
Another simple question from silly old me.
We keep hearing big numbers being thrown around, for example the key:
234234-234WEF-ER334AS-3535FWF
Would take 20 billion gabizillion years for anyone to crack.
Could someone explain how you even know when you have cracked it? If you have permutated a trillion combinations how do you know...
I am doing a security presentation for my Computer and Information Security course in a few weeks' time, and in this presentation I will be demonstrating the pros and cons of different attacks (dictionary, rainbow and brute-force). I can do the dictionary and rainbow attacks fine but I need to generate the brute-force attack on the fly. I ne...
How can I ban incorrect login attempts to the Plesk web interface by using fail2ban to prevent brute-force attacks?
...
I have a problem with describing an algorithm for finding the maximum rectangular area of binary data, where 1 occurs k times more often than 0. Data is always n^2 bits like this:
For example data for n = 4 looks like:
1 0 1 0
0 0 1 1
0 1 1 1
1 1 0 1
The value of k can be 1 .. j (k = 1 means that the number of 0s and 1s is equal).
For abov...
A friend gave me a challenge: he encrypted a string using PHP's crypt function (CRYPT_STD_DES) (from PHP4). I know the salt used to encrypt, and as crypt is a one-way algorithm I must use a brute-force method, and I know that passwords only consist of lower-case letters.
Now, I have a machine with 16 cores (2x Xeon), and lots of RAM. What i...
I've noticed some strange behaviour on my Drupal site. I like to understand the data I'm looking at before I take action so that I don't waste time pursuing the wrong measures, but I'm lacking the security knowledge to interpret it.
A single account has made many odd repeat requests, including attempting to reach the edit profile page, logging...
I'm currently experimenting with both public-key and personal file encryption. The programs I use have 2048 bit RSA and 256 bit AES level encryption respectively. As a newbie to this stuff (I've only been a cypherpunk for about a month now - and am a little new to information systems) I'm not familiar with RSA algorithms, but that's not ...
I want the user to enter a 4 digit number and the program must tell what that 4 digit number was, i.e. generate that 4 digit number by brute-force attack. But at the line mentioned below the compiler says invalid indirection. I would also like to have some comments about the way I am implementing it; is it good practice?
#include<stdio.h>...