Re: New Whitepaper: Anti Brute Force Resource Metering

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: New Whitepaper: Anti Brute Force Resource Metering
From: Jason W <bugtraq@xxxxxxxxxxxxxxxxxx>
Date: 24 Mar 2005 19:33:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20050321182737.81B6B15F507@xxxxxxxxxxxxxxxxxxxx>


>Resource metering through client-side computationally intensive "electronic
>payments" can provide an alternative strategy in defending against brute
>force guessing attacks.  


The first question I had was,
Why not just use a turing test. It's simple and, theoretically, only humans can 
distinguish the passphrase. It requires much less overhead. Obviously this 
would be used in addition to a password. That's my two cents.

Follow-Ups:
- Re: New Whitepaper: Anti Brute Force Resource Metering
  - From: Luca Berra
- Re: New Whitepaper: Anti Brute Force Resource Metering
  - From: Joachim Schipper

Prev by Date: SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019)
Next by Date: [USN-100-1] cdrecord vulnerability
Previous by thread: Re: New Whitepaper: Anti Brute Force Resource Metering
Next by thread: Re: New Whitepaper: Anti Brute Force Resource Metering
Index(es):
- Date
- Thread