multipaz-csa/org.multipaz.securearea.cloud/PassphraseFailureEnforcer

PassphraseFailureEnforcer

interface PassphraseFailureEnforcer

An interface for enforcing policy when a client fails to provide the right passphrase.

The main purpose of this interface is to prevent an attacker from guessing a passphrase by brute-forcing guessing. It does so by recording failed passphrase events and using past events to determine if the user is locked out and for how long.

This can be implemented in various ways, see SimplePassphraseFailureEnforcer for the trivial non-persistent non-distributed version.

Inheritors

Functions

Link copied to clipboard
abstract fun isLockedOut(clientId: String): Duration?

Checks of a client is locked out because off to many failed passphrase attempts.

Link copied to clipboard
abstract fun recordFailedPassphraseAttempt(clientId: String)

Records when an incorrect passphrase has been provided.