Yesterday I had to program something to prevent brute-forcing passwords in the app I'm working on. Two years ago I programmed something similar that used the user's IP to see how many attempts someone had made, but that was when I was just starting. This time I know better: if someone is going to brute-force a password, chances are they might change their IP, so I had to think of something different; also, since legitimate users may share the same IP, that approach could punish other users.
So my solution was to store the username and the password in two variables and count how many attempts each had. This works when someone uses the same username with different passwords, or the same password with different usernames (targeting easy-to-guess passwords). With each attempt I put the application to sleep for a while before sending the response: between 3 and 14 attempts the app sleeps between 1.5 and 7 seconds, after that up to 29 attempts it sleeps up to a maximum of about 15 seconds, and after that it sleeps 1 second per attempt, although not receiving data after 30 seconds produces an error.
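The per-username and per-password throttling schedule described above, written out as an added Python example (not the post's own code). The exact step sizes (0.5 s per attempt from the 3rd attempt, capped at 15 s up to the 29th, then 1 s per attempt), keying the password counter by a hash instead of the plaintext, the injectable sleeper, and the reset on successful login are my assumptions.

```python
import hashlib
import time
from collections import defaultdict

# Client gives up after this long without data (from the post).
CLIENT_TIMEOUT_S = 30.0


def delay_for(attempts: int) -> float:
    """Seconds to sleep before answering failed attempt number `attempts`.

    Interpretation of the post's schedule (assumption): nothing for the first two
    attempts, 0.5 s per attempt from the 3rd (1.5 s) to the 14th (7 s), capped at
    15 s up to the 29th, then 1 s per attempt, which crosses the client timeout.
    """
    if attempts < 3:
        return 0.0
    if attempts <= 29:
        return min(0.5 * attempts, 15.0)
    return float(attempts)


class LoginThrottle:
    """Counts failed logins per username and per password, sleeping before replying."""

    def __init__(self, sleeper=time.sleep):
        self._by_user = defaultdict(int)
        self._by_pw = defaultdict(int)
        self._sleep = sleeper  # injectable so tests do not really wait

    @staticmethod
    def _pw_key(password: str) -> str:
        # Keep a digest, not the submitted plaintext, as the counter key (assumption).
        return hashlib.sha256(password.encode()).hexdigest()

    def record_failure(self, username: str, password: str) -> float:
        """Record one failed attempt, sleep the scheduled delay, return that delay."""
        self._by_user[username] += 1
        self._by_pw[self._pw_key(password)] += 1
        # Whichever counter is higher drives the delay: the same username with many
        # passwords, or the same password sprayed across many usernames.
        delay = max(delay_for(self._by_user[username]),
                    delay_for(self._by_pw[self._pw_key(password)]))
        # Past the client timeout the client already got an error; no point sleeping longer.
        self._sleep(min(delay, CLIENT_TIMEOUT_S))
        return delay

    def record_success(self, username: str) -> None:
        """Clear the per-user counter after a successful login (assumption)."""
        self._by_user.pop(username, None)
```

A returned delay of `CLIENT_TIMEOUT_S` or more means the client timed out before the response, which is the 30-second error the post mentions.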
I feel very happy about this since I didn't have to look anything up and did it by myself. Well, I had to look up how the sleep function worked, and it almost worked on the first attempt (a few minor mistakes that were quickly resolved).
So yeah, after two years of programming I feel very comfortable with what I do, although I know there is so much more to learn, and many, many things I will have to learn at this job, like programming a Raspberry Pi, so I need to learn Python now. I'll probably have to relearn some electronics for this project too, and I'm looking forward to it. I saw the prototype for a project my boss is working on (with a Raspberry Pi), and it made me feel like when I was a kid with my screwdriver disassembling my Nintendo and putting it back together, lol.