SimplePassphraseFailureEnforcer

class SimplePassphraseFailureEnforcer(val lockoutNumFailedAttempts: Int = 3, val lockoutDuration: Duration = 60.seconds, clockFunction: () -> Instant = { Clock.System.now() }) : PassphraseFailureEnforcer

A simple non-distributed and non-persistent PassphraseFailureEnforcer.

The policy implemented is that the client is locked out if N failed passphrase attempts have been recorded in the last M seconds.

Assuming the passphrase is a 7-digit numeric PIN, this means that no more than N PIN guesses can be made in M seconds. For N=3 and M=60 seconds, this translates into a maximum of three guesses per minute, meaning the probability of guessing the PIN in one minute is 3 in 10 million. The time to try all 10 million combinations is just over 6 years and 4 months.

The data is kept in memory only and not persisted, so this is not appropriate for use in a production environment.
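The sliding-window policy and the brute-force arithmetic described above, as an added sketch that is not this library's implementation. The names `SlidingWindowLockout`, `lockedOutFor` and `exhaustiveSearchTime` are hypothetical, the clock is simplified to elapsed time so only the Kotlin standard library is needed, and the meaning of the nullable `Duration` (null when not locked out, otherwise time remaining) is an assumption.

```kotlin
import kotlin.time.Duration
import kotlin.time.Duration.Companion.seconds

// Added sketch, not the library's code. SlidingWindowLockout, lockedOutFor and
// exhaustiveSearchTime are hypothetical names. `now` returns time elapsed since an
// arbitrary origin and stands in for clockFunction. Not thread-safe.
class SlidingWindowLockout(
    private val maxFailures: Int = 3,
    private val window: Duration = 60.seconds,
    private val now: () -> Duration,
) {
    private val failures = mutableMapOf<String, ArrayDeque<Duration>>()

    fun recordFailure(clientId: String) {
        val q = failures.getOrPut(clientId) { ArrayDeque() }
        q.addLast(now())
        // Only the newest maxFailures timestamps can affect the decision.
        while (q.size > maxFailures) q.removeFirst()
    }

    // Assumed semantics: null when not locked out, otherwise the time remaining.
    fun lockedOutFor(clientId: String): Duration? {
        val q = failures[clientId] ?: return null
        val t = now()
        // Drop failures that have aged out of the window.
        while (q.isNotEmpty() && t - q.first() >= window) q.removeFirst()
        if (q.isEmpty()) {
            failures.remove(clientId) // keep the map from growing without bound
            return null
        }
        return if (q.size >= maxFailures) q.first() + window - t else null
    }
}

// Worst-case time to try every candidate when each window admits maxFailures guesses.
fun exhaustiveSearchTime(candidates: Long, maxFailures: Int, window: Duration): Duration =
    window * ((candidates + maxFailures - 1) / maxFailures).toDouble()

fun main() {
    var t = 0.seconds // constructed fake clock, advanced by hand
    val enforcer = SlidingWindowLockout(now = { t })
    repeat(3) { enforcer.recordFailure("client-1"); t += 10.seconds }
    println("after 3 failures: ${enforcer.lockedOutFor("client-1")}")
    t = 61.seconds // the oldest failure has now left the 60-second window
    println("after expiry:     ${enforcer.lockedOutFor("client-1")}")
    println("7-digit PIN:      ${exhaustiveSearchTime(10_000_000, 3, 60.seconds)}")
}
```

Because the state lives in a single process's map, a restart or a second server instance resets the failure count, which is the reason given above for keeping this kind of enforcer out of production.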

Parameters

lockoutNumFailedAttempts

the number of failed passphrase attempts before a client is locked out.

lockoutDuration

the duration of the period to consider.

clockFunction

a function to give the current time (used only for unit tests).

Constructors

constructor(lockoutNumFailedAttempts: Int = 3, lockoutDuration: Duration = 60.seconds, clockFunction: () -> Instant = { Clock.System.now() })

Properties


Functions

open override fun isLockedOut(clientId: String): Duration?

Checks if a client is locked out because of too many failed passphrase attempts.

open override fun recordFailedPassphraseAttempt(clientId: String)

Records when an incorrect passphrase has been provided.