Anti Brute Force Resource Metering
The information has been provided by Gunter Ollmann.
The original article can be found at: http://www.ngssoftware.com/papers/NISR-AntiBruteForceResourceMetering.pdf
The authentication processes of web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors.
Resource metering through client-side computationally intensive 'electronic payments' can provide an alternative strategy in defending against brute force guessing attacks.
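As an added illustration (not code from the original paper), the sketch below shows one way such a client-side "payment" can be metered: the server issues a signed challenge, the client must find a counter whose hash has a required number of leading zero bits, and the server checks it before looking at the password. The hashcash-style SHA-256 puzzle, the difficulty constants and all function names are assumptions made for this example.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)      # per-deployment secret (constructed for this example)
BASE_BITS, STEP_BITS, MAX_BITS = 8, 2, 20   # assumed difficulty tuning
MAX_AGE = 120                    # assumed challenge lifetime in seconds
_spent = set()                   # challenges already redeemed (replay protection)

def difficulty(failed_attempts):
    """Raise the work factor with recent failures instead of locking the account."""
    return min(BASE_BITS + STEP_BITS * failed_attempts, MAX_BITS)

def issue_challenge(username, failed_attempts, now=None):
    """Server: stateless challenge binding username, difficulty and issue time."""
    ts = int(time.time() if now is None else now)
    body = f"{username}:{difficulty(failed_attempts)}:{ts}:{os.urandom(8).hex()}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def zero_bits(digest):
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def work(challenge, counter):
    """Leading zero bits of SHA-256(challenge:counter), used by both sides."""
    return zero_bits(hashlib.sha256(f"{challenge}:{counter}".encode()).digest())

def solve(challenge):
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    bits = int(challenge.rsplit(":", 4)[1])
    counter = 0
    while work(challenge, counter) < bits:
        counter += 1
    return counter

def verify(challenge, counter, username, now=None):
    """Server: one HMAC and one hash, checked before the password is looked at."""
    try:
        body, tag = challenge.rsplit(":", 1)
        user, bits, ts, _nonce = body.rsplit(":", 3)
        bits, ts = int(bits), int(ts)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False                     # forged or altered challenge
    now = time.time() if now is None else now
    if user != username or now - ts > MAX_AGE or challenge in _spent:
        return False                     # wrong account, stale, or replayed
    if work(challenge, counter) < bits:
        return False                     # payment not made
    _spent.add(challenge)
    return True
```

Each extra bit of difficulty doubles the client's expected work while the server's verification cost stays constant, and because the account is never locked, failed guesses cannot be used to deny service to the legitimate user.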