‘Anti Brute Force Resource Metering’

Summary

The below linked whitepaper discusses how resource metering on the client-side, i.e. making him work to make brute forcing computationally feasible, works and the security advantages it can bring.’

Credit:

‘The information has been provided by Gunter Ollmann.
The original article can be found at: http://www.ngssoftware.com/papers/NISR-AntiBruteForceResourceMetering.pdf


Details

Abstract:
Web-based applications authentication processes are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors.

Resource metering through client-side computationally intensive ‘electronic payments’ can provide an alternative strategy in defending against brute force guessing attacks.’

Categories: Reviews