Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set bound on online dictionary attacks on weave password #837

Closed
rade opened this issue Jun 3, 2015 · 0 comments
Closed

set bound on online dictionary attacks on weave password #837

rade opened this issue Jun 3, 2015 · 0 comments
Assignees
@rade
Labels
feature
Milestone
1.0.0

Comments

@rade
Copy link
Member

rade commented Jun 3, 2015

Extracted from #641 (comment)

No need to get fancy here, implementing any sort of complicated rate limiting logic, or aiming for precision. A simple sleep between accepts should do the trick.
@rade rade added the feature label Jun 3, 2015
@rade rade added this to the next milestone Jun 3, 2015
@rade rade mentioned this issue Jun 3, 2015
Merged
rade added a commit to rade/weave that referenced this issue Jun 3, 2015
@rade
limit acceptance rate on peer connections
0dde278 
The main purpose of this is to set an upper bound on the rate at which
an attacker might execute a brute force attack on the weave password.

No need to get clever or precise here.

Closes weaveworks#837.
@rade rade self-assigned this Jun 3, 2015
rade added a commit to rade/weave that referenced this issue Jun 4, 2015
@rade
limit acceptance rate on peer connections
044992e 
The main purpose of this is to set an upper bound on the rate at which
an attacker might execute a brute force attack on the weave password.

No need to get clever or precise here.

Closes weaveworks#837.
bboreham added a commit that referenced this issue Jun 4, 2015
@bboreham
Merge pull request #839 from rade/837_tcp_accept_delay
62bbaf5 
LGTM. Closes #837
@rade rade changed the title set bound on brute force attacks on weave password set bound on online dictionary attacks on weave password Jun 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rade rade

Labels
feature
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
1 participant
@rade