undefined | Better HN

0 pointscharrondev3y ago0 comments

Isn’t something paraphrase hashing something that should be heavily rate limited?

In order to DoS your typical site through passphrase hashing you would need to be:

- have a ton of valid usernames/emails of accounts that need to be checked (because a typical password check will rate limit by account) - send in a massive torrent of traffic from a ton of IP addresses (because a typical password check will be rate limited by IP, even more than typical IP based rate limiting)

While this is not impossible if you had those resources it still might be easier to just DoS the site though standard pages/ endpoints by sheer traffic.

0 comments

1 comments · 1 top-level

roflyear3y ago

Correct microservices don't magically prevent DDOS attacks. They can actually make things much worse.

j / k navigate · click thread line to collapse