Quote:
Originally Posted by jeffrey
Show me the server you have set up for someone to brute force and give me a couple days.
|
His server is "unbrutable" because the only combo that gets you in is something like "ksl#59basBZkvlmadA:Abj4090bBZ-biadfmkdf" most likelly, and that defies the purpose of the bruteforce, since if you ONLY had such logins in your user base, you wouldn't need strongbox (or any fancy brute protection systems like pennywize, frog ...). You could protect that with basic auth (where the speed of tries/sec goes considerably higher then when sending complete data through post) and it would never get bruted. So his challenge is stupid to begin with.
But we all know that users don't have such user/pass combos.