Page 1 of 1

login sleep

Posted: Tue Oct 22, 2002 1:23 pm
by Zoram
I was reading in the php manual about the sleep() function and people were talking about using it for login... how does that work exactly? Where would i use it?

try here

Posted: Tue Oct 22, 2002 1:56 pm
by phpScott
http://www.php.net is in my opinion the best online resource for explaining php functions and the like. Of course here is even better because you can get real explantions to specific problems :D
try here
http://www.php.net/manual/en/function.sleep.php

Re: login sleep

Posted: Tue Oct 22, 2002 2:14 pm
by Zoram
Zoram wrote:I was reading in the php manual about the sleep() function and people were talking about using it for login... how does that work exactly? Where would i use it?
lol, yeah, i was curious about a little more in depth about how i would implement this in the login process :)

sorry

Posted: Tue Oct 22, 2002 3:31 pm
by phpScott
sorry i missed the php manual stuff. I have never used it so I won't be of any help. :?

Posted: Tue Oct 22, 2002 3:52 pm
by volka
brute force password attacks use a massive amounts of login attemps.
If one attempt takes 0.1 seconds a hacker can try more combinations compared with a 0.1 seconds+sleep(1) interval for login responses.
i.e.

Code: Select all

<?php
sleep(1);
if (checkLogin($_POSTї'login'], $_POSTї'pass'])
   loggedIn();
else
   loginFailed();
...
this will delay each login attempt wether it is successful or not giving no clue to a hacker.