[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Whitepaper: Anti Brute Force Resource Metering

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: New Whitepaper: Anti Brute Force Resource Metering
From: Luca Berra <bluca@xxxxxxxxxx>
Date: Fri, 25 Mar 2005 23:03:03 +0100

On Thu, Mar 24, 2005 at 07:33:40PM -0000, Jason W wrote:

In-Reply-To: <20050321182737.81B6B15F507@xxxxxxxxxxxxxxxxxxxx>
Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks.
The first question I had was, Why not just use a turing test. It's simple and, theoretically, only humans can distinguish the passphrase. It requires much less overhead. Obviously this would be used in addition to a password. That's my two cents.


Be certain that your turing test does not rule out certain classes of
humans, eg. a text displayed as an image would be undecipherable by a
blind user.

Regards,
L.

--
Luca Berra -- bluca@xxxxxxxxxx
       Communication Media & Services S.r.l.
/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \

References:
- Re: New Whitepaper: Anti Brute Force Resource Metering
  - From: Jason W

Prev by Date: RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook
Next by Date: File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition
Previous by thread: Re: New Whitepaper: Anti Brute Force Resource Metering
Next by thread: iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability
Index(es):
- Date
- Thread