mikker / passwordless

🗝 Authentication for your Rails app without the icky-ness of passwords
MIT License

Reason for BCrypt::Password.create(params[:token]) in SessionsController #103

Closed weilandia closed 2 years ago

weilandia commented 2 years ago

Curious about the purpose of this line: https://github.com/mikker/passwordless/blob/876980a9f949aae4bff2d919116e801c56315eac/app/controllers/passwordless/sessions_controller.rb#L45

The comment above suggests it is to prevent brute force attacks, but how does this work? Is it really just meant to slow things down?

Thanks!

mikker commented 2 years ago

Yes, that's exactly what it does and is supposed to 😊 If somebody wanted to brute-force guess a session token, this drastically increases the time it would (hypothetically) take.
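To make the slow-down concrete, here is an added example (not passwordless's code, and not from the thread): a hypothetical in-memory `TokenStore` whose lookup is compared with and without one throw-away expensive hash in front of it, the same shape as the controller's `BCrypt::Password.create(params[:token])`. The 128-bit token length, the `TokenStore` class, the helper names and the sample user are all assumptions for the demo; bcrypt is used when the gem is installed, and stdlib PBKDF2 stands in otherwise, since only the time burned per call matters.

```ruby
require "securerandom"
require "openssl"
require "benchmark"

# Added example (not passwordless's code): one expensive hash per submitted token,
# whose result is thrown away, so that every guess costs the client a wait.
# bcrypt is used when the gem is present, as in the controller; otherwise stdlib
# PBKDF2 stands in, because only the time burned per call matters here.
begin
  require "bcrypt"
  WORK_FACTOR = ->(token) { BCrypt::Password.create(token, cost: 10); nil }
rescue LoadError
  WORK_FACTOR = lambda do |token|
    OpenSSL::PKCS5.pbkdf2_hmac(token, "demo-salt", 200_000, 32, "sha256")
    nil
  end
end

TOKEN_BYTES = 16 # assumption for the demo: 128-bit random session tokens

# Hypothetical in-memory session table keyed by token.
class TokenStore
  def initialize
    @sessions = {}
  end

  def issue(user)
    token = SecureRandom.hex(TOKEN_BYTES)
    @sessions[token] = user
    token
  end

  # Plain lookup: a wrong guess is rejected in microseconds.
  def lookup_fast(token)
    @sessions[token]
  end

  # Lookup behind the work factor: right or wrong, the caller pays first.
  def lookup_slow(token)
    WORK_FACTOR.call(token)
    @sessions[token]
  end
end

# Average wall-clock seconds an attacker spends per random guess.
def seconds_per_guess(store, slow:, attempts:)
  elapsed = Benchmark.realtime do
    attempts.times do
      guess = SecureRandom.hex(TOKEN_BYTES)
      slow ? store.lookup_slow(guess) : store.lookup_fast(guess)
    end
  end
  elapsed / attempts
end

# Years needed to try every value of a `bits`-bit token at that per-guess cost,
# assuming a single sequential client (no parallelism, no rate limiting).
def years_to_exhaust(bits, secs_per_guess)
  (2.0**bits) * secs_per_guess / (365.25 * 24 * 3600)
end

if __FILE__ == $PROGRAM_NAME
  store = TokenStore.new
  store.issue("alice") # constructed sample session
  bits = 8 * TOKEN_BYTES
  fast = seconds_per_guess(store, slow: false, attempts: 1_000)
  slow = seconds_per_guess(store, slow: true, attempts: 3)
  printf("plain lookup:     %.1e s/guess, %.1e years to exhaust %d bits\n",
         fast, years_to_exhaust(bits, fast), bits)
  printf("with work factor: %.3f s/guess, %.1e years, %.0fx slower per guess\n",
         slow, years_to_exhaust(bits, slow), slow / fast)
end
```

Two things the numbers make visible. First, the cost is symmetric: the server burns the same CPU for every request, legitimate or not, so this is a hassle factor that complements token expiry and attempt limits rather than replacing them. Second, with the 128-bit token assumed here, exhausting the keyspace is out of reach even at the plain-lookup rate; the work factor buys its margin mainly if tokens are ever shorter or lower-entropy than that.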

weilandia commented 2 years ago

Thanks!