Talk:Testing for Bypassing Authentication Schema (OTG-AUTHN-004) - Revision history

Doktoresperanto: /* Why is it possible to restrict brute force when cookie id goes symmetrically? */

2016-03-03T07:44:35Z

‎Why is it possible to restrict brute force when cookie id goes symmetrically?

2016-03-03T07:43:23Z

‎Why is it possible to restrict brute force when cookie id goes simetrically?: new section

2014-08-05T13:26:02Z

2008-12-07T13:04:15Z

2007-02-05T21:32:49Z

Direct page request image

2007-02-05T21:30:42Z

New page

Can't seem to delete sections 4. It is redundant. Also, there is a mispelling of the word Authentication in the image.

@@ Line 5: / Line 5: @@
 Is it possible to replace the image below Direct Page Request with one that is more intuitive? I'm not exactly sure what the intent of that image was.
-== Why is it possible to restrict brute force when cookie id goes simetrically? ==
+== Why is it possible to restrict brute force when cookie id goes symmetrically? ==
-In Session ID Prediction, document says that "In the following figure, values inside cookies change only partially, so it's possible to restrict a brute force attack to the defined fields shown below." whereas, Session ID goes very simetrically in some part, so it is possible to guess what a sequenced valid cookie is.
+In Session ID Prediction, document says that "In the following figure, values inside cookies change only partially, so it's possible to restrict a brute force attack to the defined fields shown below." whereas, Session ID goes very symmetrically in some part, so it is possible to guess what a sequenced valid cookie is.
 First part of the Session ID increases 1 by 1; second part of the Session id increases almost 10 by 10.
 Am I right?

← Older revision		Revision as of 07:43, 3 March 2016
Line 4:		Line 4:

	Is it possible to replace the image below Direct Page Request with one that is more intuitive? I'm not exactly sure what the intent of that image was.		Is it possible to replace the image below Direct Page Request with one that is more intuitive? I'm not exactly sure what the intent of that image was.
		+
		+	== Why is it possible to restrict brute force when cookie id goes simetrically? ==
		+
		+	In Session ID Prediction, document says that "In the following figure, values inside cookies change only partially, so it's possible to restrict a brute force attack to the defined fields shown below." whereas, Session ID goes very simetrically in some part, so it is possible to guess what a sequenced valid cookie is.
		+	First part of the Session ID increases 1 by 1; second part of the Session id increases almost 10 by 10.
		+	Am I right?

← Older revision		Revision as of 21:32, 5 February 2007
Line 1:		Line 1:
	Can't seem to delete sections 4. It is redundant. Also, there is a mispelling of the word Authentication in the image.		Can't seem to delete sections 4. It is redundant. Also, there is a mispelling of the word Authentication in the image.
		+
		+	== Direct page request image ==
		+
		+	Is it possible to replace the image below Direct Page Request with one that is more intuitive? I'm not exactly sure what the intent of that image was.

← Older revision	Revision as of 13:26, 5 August 2014
(No difference)

← Older revision	Revision as of 13:04, 7 December 2008
(No difference)