Skip to Content.
Sympa Menu

assurance - RE: [Assurance] Failed Authentication Counter Strawman

Subject: Assurance

List archive

RE: [Assurance] Failed Authentication Counter Strawman

Chronological Thread 
  • From: Eric Goodman <>
  • To: "" <>
  • Subject: RE: [Assurance] Failed Authentication Counter Strawman
  • Date: Fri, 31 May 2013 22:49:16 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

I like your proposal.

I hadn't realized 800-63-1 changed the requirements and their arguments
against simple counters are interesting. I think you address the first and
the last very well, I had some additional thoughts on the second one:

"The approach is a single point of failure."

In addition to the points you make countering this statement:

* If the failure is a failure to send current statistics to the central
"counter", as long as the problem doesn't persist for more than 72 hours and
you can resync the counts before the 72 hour timeframe is up, you wouldn't
need to stop asserting the IAQ.

* You can still implement rate-limiters at the individual authenticators
(i.e., limited login attempts/unit time). At the end of any such outage, if
stats from the outage period were unavailable, you could simply increment all
of your users' counters by the maximum possible attempt rate * duration of
the outage.

I can envision other attacks that would allow someone to bypass a central
counter (e.g., compromising the count database, modifying the authenticator
logs before they are written out), but those kinds of attacks are probably so
intrusive that brute force limit being exceeded is the least of your worries.

--- Eric

-----Original Message-----

On Behalf Of Benn Oshrin
Sent: Friday, May 31, 2013 2:52 PM

Subject: [Assurance] Failed Authentication Counter Strawman

As mentioned on a couple of previous calls, I've been interested in a
solution for counting failed authentication attempts. I've drafted a
strawman, available for review at

I'd be interested in comments and feedback, and assuming no fatal flaw, I'd
also be interested if anyone else is considering a similar approach.



Archive powered by MHonArc 2.6.16.

Top of Page