11-12-2017, 12:59 PM
The patch was issued in 4.2.12 and in 4.3. I'd love for you to take a look at it. Here's my math on the new vericode...
To give you an idea, the current 6 digit numeric vericode could have been brute forced at 18.52 mins online (with a rate of 1000 guesses per second hitting your webserver, on average they would get in at 9.26 minutes). The new code takes 4.01 trillion centuries at 1000 guesses a second. Even a massive attack of 100 Trillion guesses a second would take 40.08 centuries.
User banning after too many vericode attempts is coming soon. We're just trying to stabilize 4.3 as a whole.
Thanks so much for your help!
To give you an idea, the current 6 digit numeric vericode could have been brute forced at 18.52 mins online (with a rate of 1000 guesses per second hitting your webserver, on average they would get in at 9.26 minutes). The new code takes 4.01 trillion centuries at 1000 guesses a second. Even a massive attack of 100 Trillion guesses a second would take 40.08 centuries.
User banning after too many vericode attempts is coming soon. We're just trying to stabilize 4.3 as a whole.
Thanks so much for your help!