brute-force

问题 There are several useful answers on SO regarding prevention of brute forcing a password of a web service by applying throttling. I couldn't find any good numbers though and I have little expertise in this area, so the question is: How many attempts does it usually take to brute-force an average password of 6 or more characters (with no additional knowledge that may help, but taking into account that passwords are probably prone to dictionary attacks) and based on that, what are meaningful

问题 I have this homework assignment to make a recursive method to crack a password of a given length, n (unlimited and unknown!) made of small English letters, a-z ONLY. Here's the class "Password" that creates a random password: import java.util.Random; public class Password { private String _password = ""; public Password(int length) { Random generator = new Random(); for (int i = 0; i < length; ++i) { this._password = this._password + (char) (generator.nextInt(26) + 97); } } public boolean

问题 I'm a beginner in writing code and I've started with Python because it seemed the neatest and the easiest to start with (I currently have Python 3.2). Now I've read some online books and so on about coding in python, I've made some small programs and that's it. But then I wanted to make a program that could brute-force a random password like: PassWord = random.randint(0,9999) I made something that could try random passwords: import random PassWord = str(random.randint(0,9999)) Trial = ' '

问题 Got a read-only file within a zip file which are password protected and I need to extract it to the /tmp directory. I get a CRC-32 error which suggests that the file would be corrupted yet I know it isn't and is in fact a read-only file. Any Suggestions? Error: Traceback (most recent call last): File "/tmp/usercode.py", line 45, in <module> zip.extractall('/tmp',pwd = "piso") File "/usr/lib64/python2.7/zipfile.py", line 1040, in extractall self.extract(zipinfo, path, pwd) File "/usr/lib64

问题 We are trying to create a simple example to test the capabilities of OptaPlanner. In the following we show what we came up with. The problem with our example is that when we are selecting an exhaustive search algorithm for solving the problem, OptaPlanner terminates quickly with the wrong answer, which is always zero, even if zero is not a possible solution available from the ValueRangeProvider. Furthermore the PlanningVariable is not set during solving, as opposed to when local search is

问题 I am taking a course on Cryptography and am stuck on an assignment. The instructions are as follows: The plaintext plain6.txt has been encrypted with DES to encrypt6.dat using a 64-bit key given as a string of 8 characters (64 bits of which every 8th bit is ignored), all characters being letters (lower-case or upper-case) and digits (0 to 9). To complete the assignment, send me the encryption key before February 12, 23.59. Note: I expect to get an 8-byte (64-bits) key. Each byte should

问题 Are there generally accepted tactics for protecting Django applications against this kind of attack? 回答1: django-axes is an existing app for detecting failed login attempts. There is also a more general django-ratelimit. 回答2: You can: Keep track of the failed login attempts and block the attacker after 3 attempts. If you don't want to block then you can log it and present a CAPTCHA to make it more difficult in future attempts. You can also increase the time between login attempts after eached

问题 Are there generally accepted tactics for protecting Django applications against this kind of attack? 回答1: django-axes is an existing app for detecting failed login attempts. There is also a more general django-ratelimit. 回答2: You can: Keep track of the failed login attempts and block the attacker after 3 attempts. If you don't want to block then you can log it and present a CAPTCHA to make it more difficult in future attempts. You can also increase the time between login attempts after eached

问题 I've seen web apps with limitations for user login attempts. Is it a security necessity and, if so, why? For example: you had three failed login attempts, let's try again in 10 minutes!! 回答1: Clarification This is a completion to the other answers. Using a good implemented captcha alongside an anti-bruteforce mechanism using sessions for example. The questioner marked this as accepted assuming that captchas are unreadable by machines (she's almost right) and so it's getting negative points,

问题 This is a graph of the execution speed according to the dimension of the k - d tree and brute-force that I wrote. The number of pointer sets was fixed at 1 M (1,000,000), and Query measured the speed performed 1000 times. The increase in the k - d tree is huge, But brute-force is not. I wonder why these results have come out and how they can be improved. 回答1: Some ideas: The performance may depend a lot on the characteristics of the data. For example, are the data points evenly distributed,