RedMadRobot / PINkman

PINkman is a library that helps implement PIN code authentication in a secure manner. The library derives a hash from the user's PIN using the Argon2 function and stores it in an encrypted file. The file is encrypted with the AES-256 algorithm in GCM mode, and the keys are stored in the AndroidKeystore.
MIT License

Add a delay before code validation #22

Open kitfist0 opened 3 years ago

kitfist0 commented 3 years ago

This is necessary to protect against brute force.

Fi5t commented 2 years ago

@kitfist0 A hashing algorithm takes some time on its own. Thus, I think an artificial delay isn't necessary. Nevertheless, you can show a PoC of a successful brute-force process and we'll return to this question.
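
An attempt throttle of the kind this issue asks for, as an added example that is not PINkman code and not written by either commenter. `ThrottledPinValidator`, `PinResult` and the `validate` lambda are hypothetical names; the lambda stands in for whatever PIN check the app calls, and the PIN in `main` is constructed.

```kotlin
import kotlin.math.min

// Added example: all names here are hypothetical, not part of PINkman.
sealed class PinResult {
    object Success : PinResult()
    object WrongPin : PinResult()
    data class LockedOut(val retryAfterMs: Long) : PinResult()
}

class ThrottledPinValidator(
    private val validate: (String) -> Boolean,            // stand-in for the real PIN check
    private val now: () -> Long = System::currentTimeMillis,
    private val freeAttempts: Int = 3,                     // misses allowed before any delay
    private val baseDelayMs: Long = 1_000,
    private val maxDelayMs: Long = 15 * 60_000L,
) {
    // Assumption: a real app persists both values, otherwise a process restart resets them.
    private var failures = 0
    private var lockedUntil = 0L

    @Synchronized
    fun attempt(pin: String): PinResult {
        val t = now()
        // While locked, return early so no hash is computed at all.
        if (t < lockedUntil) return PinResult.LockedOut(lockedUntil - t)
        if (validate(pin)) {
            failures = 0
            lockedUntil = 0L
            return PinResult.Success
        }
        failures++
        lockedUntil = t + delayFor(failures)
        return PinResult.WrongPin
    }

    // No delay for the first freeAttempts misses, then the delay doubles per miss up to the cap.
    private fun delayFor(n: Int): Long {
        if (n <= freeAttempts) return 0
        val shift = min(n - freeAttempts - 1, 20)          // bound the shift to avoid overflow
        return min(baseDelayMs shl shift, maxDelayMs)
    }
}

fun main() {
    var clock = 0L                                         // fake clock so the demo runs instantly
    val v = ThrottledPinValidator(validate = { it == "4821" }, now = { clock })
    repeat(4) { println(v.attempt("0000")) }               // fourth miss starts the first lock
    println(v.attempt("4821"))                             // still locked: the PIN is not checked
    clock += 1_000
    println(v.attempt("4821"))                             // lock expired: the PIN is checked again
}
```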