Memes

45187 readers

1429 users here now

Rules:

Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago

MODERATORS

[email protected]

1018

Brute force protection (rytter.me)

submitted 6 months ago by [email protected] to c/[email protected]

111 comments fedilink hide all child comments

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 17 points 6 months ago* (last edited 6 months ago) (2 children)

The logic is bugging me, though. It should be if isFirstAttempt || !isPasswordCorrect

I understand the meme is trying to convey in spite of being correct to still return an error, but then it doesn't account for when the password is actually incorrect.

[–] [email protected] 48 points 6 months ago* (last edited 6 months ago)

That defeats the brute-force attack protection…

The idea is that brute-force attackers will only check each password once, while real users will likely assume they mistyped and retype the same password.

The code isn’t complete, and has nothing to do with actually incorrect passwords.

[–] [email protected] 17 points 6 months ago (1 children)

Like the other person said, it's not meant to always fail the first time you enter any password.

It is meant to fail the first time you enter the correct password.

[–] [email protected] 1 points 6 months ago

So it should be: if password == correct and first_success == true then { login failure; first_success = false }

Something like that.