Professional ASP.NET Security - Jeff Ferguson

Title: Professional ASP.NET Security
Author: Jeff Ferguson
Category: Programming
Type: Book
Date: 06.04.2009 19:39:42
Downloads: 35
Description: Imagine a hypothetical system that is protected by a numerical password. Users must enter the password in order to access the system. Assuming the malicious user does not find a way to steal the password, they will have to guess the correct password in order to access the system. If our password has only one digit, a malicious user has a 1 in 10 chance of guessing the password on their first attempt and will need only 10 guesses to try every possible password. It is pretty obvious that we cannot call this secure. If our password has 2 digits, there will be 100 possible passwords. This means that a malicious user has a 1 in 100 chance of guessing the password correctly on their first attempt. If we allow multiple chances to enter the correct password, the chance will improve with each new guess (assuming the attacker has the sense not to enter duplicate passwords). So, on the second guess, their chance is 1 in 99, and on the third guess, their chance is 1 in 98, and so on. If we allow unlimited guesses, the attacker will definitely get the right password within 100 guesses. They will probably get the right password much sooner than that. I think we would all agree that we should not call this a secure system. There are two obvious ways to make this system more secure (that is, to reduce the chances that the correct password can be guessed). Firstly, we can limit the number of guesses users may make. Secondly, we can increase the number of potential passwords. If we set a limit of three attempts to enter the right password (as is common with ATMs, for example), the chances that our two-digit password will be guessed are much reduced. Here's some math that shows the chance of guessing the password in the first three attempts.
File: 10.08 MB