Hacker News
by Anunayj 1275 days ago
> but after 10 guesses the pin is reset?

That does little to counter the real problem, as the chance of successfully guessing the pin on the first try is still 1/1e5, which gives ~69k attempts for a 50% chance of correctly guessing that pin, which is like ~2 hr at 10 pin attempts/second. Having request throttling helps tremendously, but shouldn't be the only deterrence in place. Moreover, it should be implemented in a way that it does not become a way for DoS attacks.
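Added example, not part of the comment above: the arithmetic behind the ~69k attempts and ~2 hr figures, modelling the reset after 10 guesses as independent windows, and the same calculation under a throttle. The limit of one attempt per 30 seconds is an assumed value for illustration, not something stated in the thread.

```python
import math

PIN_SPACE = 10**5        # 1/1e5 chance per guess, as stated in the comment
GUESSES_PER_PIN = 10     # the PIN is reset after 10 wrong guesses

def window_success(pin_space=PIN_SPACE, guesses_per_pin=GUESSES_PER_PIN):
    # Distinct guesses against one PIN value: k tries out of N possibilities.
    return guesses_per_pin / pin_space

def attempts_for_probability(target, pin_space=PIN_SPACE,
                             guesses_per_pin=GUESSES_PER_PIN):
    """Total guesses before the cumulative success chance reaches `target`."""
    # Every reset starts an independent window, so the failure chance
    # compounds as (1 - p_window) ** windows; solve for windows.
    p = window_success(pin_space, guesses_per_pin)
    windows = math.log(1 - target) / math.log(1 - p)
    return math.ceil(windows * guesses_per_pin)

def hours_for_probability(target, attempts_per_second):
    """Wall-clock hours to reach `target` at a sustained attempt rate."""
    return attempts_for_probability(target) / attempts_per_second / 3600

def success_probability(seconds, attempts_per_second):
    """Cumulative success chance after `seconds` at a sustained attempt rate."""
    windows = round(seconds * attempts_per_second) // GUESSES_PER_PIN
    return 1 - (1 - window_success()) ** windows

if __name__ == "__main__":
    unthrottled = 10      # attempts/second, the rate used in the comment
    throttled = 1 / 30    # assumed limit: one attempt per 30 seconds
    print("attempts for 50%:", attempts_for_probability(0.5))
    print("same, PIN reset after every guess:",
          attempts_for_probability(0.5, guesses_per_pin=1))
    for label, rate in (("unthrottled", unthrottled), ("throttled", throttled)):
        print(f"{label}: {hours_for_probability(0.5, rate):.1f} h to 50%, "
              f"{success_probability(86400, rate):.4f} success chance in 24 h")
```

The reset barely changes the attempt count, because each new PIN is as guessable as the last one; only the attempt rate moves the time to 50%.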