Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Use password manager. If bcrypt has high number of rounds it is pretty normal to have the process a little bit longer
-
@24th-Dragon It's also why it makes sense to delay even correct logins by one or two seconds to that the brute force attacker cannot use the delayed response as shortcut information whether the login has failed.
-
Hazarth95015yWhile I agree with the brute force attack point of view, the more up-to-date concensus is that a BF attack will definitely take well over houndred attempts, even dictionary attacks will take more than 5. So usually the artificial delay should appear only as a result of several incorrect attempts. We have UX even in security!
-
I can add to that - I hate when some stupid site like news site where I want to leave comments asks to register with fucking full name and password requires numbers, special character. Fuck you such site owners. What fuck the attarker will want to steal my commenting account? if if he steals, thats my problem if I used weak password. If I know that account is important for me then I will fukcing chooose strong password.
-
kleopi8735yuse argon2 correctly and it is perfectly normal to take 2s.
you cant short circuit it, thats just part of the hashing system.
maybe just enter the right creds
Related Rants
To all the websites that take more than 2 seconds to figure out whether your username/password combination is correct,
FUCK YOU.
I don't want to watch your sorry ass fucking shitty application server try to figure out if I entered my fucking credentials correctly for 50 fucking seconds since I have to try them multiple times because I have visited your worthless fucking website like once or twice and couldn't remember the password well.
rant