Skip to content
Snippets Groups Projects
Unverified Commit 6f751d01 authored by Joas Schilling's avatar Joas Schilling
Browse files

Make the throttling O(2^n) instead of O(n^n) 


Signed-off-by: default avatarJoas Schilling <coding@schilljs.com>
parent 64539a6e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/private/Security/Bruteforce/Throttler.php
+ 9
9
View file @ 6f751d01
......@@ -53,6 +53,7 @@ use OCP\Security\Bruteforce\MaxDelayReached;
class Throttler {
public const LOGIN_ACTION = 'login';
public const MAX_DELAY = 25;
public const MAX_ATTEMPTS = 10;
/** @var IDBConnection */
private $db;
......@@ -260,18 +261,17 @@ class Throttler {
return 0;
}
$maxDelay = self::MAX_DELAY;
$firstDelay = 0.1;
if ($attempts > (8 * PHP_INT_SIZE - 1)) {
if ($attempts > self::MAX_ATTEMPTS) {
// Don't ever overflow. Just assume the maxDelay time:s
$firstDelay = $maxDelay;
} else {
$firstDelay *= pow(2, $attempts);
if ($firstDelay > $maxDelay) {
$firstDelay = $maxDelay;
}
return self::MAX_DELAY;
}
$delay = $firstDelay * 2**$attempts;
if ($delay > self::MAX_DELAY) {
return self::MAX_DELAY;
}
return (int) \ceil($firstDelay * 1000);
return (int) \ceil($delay * 1000);
}
/**
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment