Comment Re: There we go again (Score 1) 383
I really don't see how that's true; look at how the thread progressed:
AC1: "[We just need better passwords - e.g. a complete sentence]"
AC2: "[That password could be broken by a dictionary attack]"
Desler: "Dictionary attacks can be trivially defeated by [rate] limiting"
Me: "Unless you have the password hash"
Desler: "(Insults)"
Me: "[Password hashes are one way only so still need to be attacked, weak passwords are susceptible to brute forcing the hash]"
Desler: "Yes, that's why you stop such attacks by rate limiting and cooldowns and then eventually just ban their IP if they are just obviously an attacker."
Me: "[Rate limiting doesn't apply to brute force cracking of hashes]"
Desler: "(more insults) Of course, this is why you lock the accounts until the user resets the password. Poof that attack vector is now gone."
Seriously, between him throwing insults and going on about rate limiting preventing brute forcing a hash, where have I misread what Desler said?
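
The distinction the thread turns on, as an added example that is not part of the original comment: guesses sent to a login endpoint pass through the server's lockout counter, while guesses checked against a copied hash never reach the server at all. The `LoginService` class, the salt, the iteration count and the candidate list are all constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"   # constructed sample value
ITERATIONS = 10_000          # kept low so the demo runs quickly

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)

class LoginService:
    """Hypothetical server: locks the account after MAX_FAILURES bad guesses."""
    MAX_FAILURES = 3

    def __init__(self, password: str):
        self.stored_hash = hash_password(password)
        self.failures = 0

    def login(self, guess: str) -> str:
        if self.failures >= self.MAX_FAILURES:
            return "locked"
        if hmac.compare_digest(hash_password(guess), self.stored_hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"

def guess_online(service, candidates):
    """Guesses go through login(); returns (match or None, guesses evaluated)."""
    evaluated = 0
    for candidate in candidates:
        result = service.login(candidate)
        if result == "locked":
            break                      # the server refuses to evaluate more
        evaluated += 1
        if result == "ok":
            return candidate, evaluated
    return None, evaluated

def guess_offline(leaked_hash, candidates):
    """Guesses are compared to a copy of the hash; the server sees none of them."""
    for n, candidate in enumerate(candidates, 1):
        if hmac.compare_digest(hash_password(candidate), leaked_hash):
            return candidate, n
    return None, len(candidates)

# Constructed word list; the fifth entry is the account's sentence password.
CANDIDATES = ["password", "letmein", "qwerty", "dragon",
              "the quick brown fox", "monkey"]

if __name__ == "__main__":
    svc = LoginService("the quick brown fox")
    print("online: ", guess_online(svc, CANDIDATES), "failures:", svc.failures)
    svc = LoginService("the quick brown fox")
    print("offline:", guess_offline(svc.stored_hash, CANDIDATES), "failures:", svc.failures)
```

The only per-guess cost in the offline case is the hash function itself, which is why salted, deliberately slow password hashing is the control that applies once a hash database has been copied.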