[wp-hackers] Implications of failure to change 'unique' keys and salts

Abdussamad Abdurrazzaq abdussamad at abdussamad.com
Fri Oct 26 15:38:31 UTC 2012


The target web server would also have to respond equally fast for that 
to work.

On 10/26/2012 08:34 PM, Gavin Pearce wrote:
>> According to the site you linked to you can brute force login if you
> try continuously for a week. So not exactly "at will".
>
> Just to clarify on that specific point: The '1 week' figure was based on
> 30 requests a second. Would be relatively trivial for someone with a
> little more computing `bandwidth` to increase this figure to a more
> substantial rate.
>
> G
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>




More information about the wp-hackers mailing list