Re: Searching for a special challenge&response algorithm


sci.crypt archive

From: David Sharpe <nimnio@gmail.com>
Date: Mon May 01 2006 - 03:03:06 CEST

Mr. Unruh is right. You're making this problem needlessly
complex/imagining a problem that is hardly there.

Server side, only accept an authentication request PER ACCOUNT once
every thirty seconds. In other words, each user needs his OWN private
authentication key. The server will only accept one authentication
request PER ACCOUNT / PER KEY every thirty seconds.

If you are trying to consider an account where multiple users are using
the same key, then your security problem is already bigger than a
simple brute force attack. However, if you NEED this to be the case,
then yes, as Mr. Moreno goes on to say: block per IP. One thousand
connections would require one thousand IPs.
Received on Mon May 1 02:06:38 2006
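
The throttling rule described in the post above, sketched as an added example; it is not part of the original message and not its author's code. The names `AttemptThrottle`, `throttle_key` and `simulate` are hypothetical, the traffic is constructed, and the choice to leave the window unchanged on a rejected attempt is an assumption of this sketch.

```python
import time

WINDOW_SECONDS = 30.0  # "once every thirty seconds", as stated in the post

class AttemptThrottle:
    """Admit at most one authentication attempt per key per window."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.monotonic):
        self.window = window
        self.clock = clock  # injectable so the logic can be replayed offline
        self._last_admitted = {}  # throttle key -> time of last admitted attempt

    def admit(self, key):
        """Return True if an attempt for `key` may be verified now."""
        now = self.clock()
        last = self._last_admitted.get(key)
        if last is not None and now - last < self.window:
            return False  # too soon; rejected tries do not extend the window
        self._last_admitted[key] = now
        return True

    def prune(self):
        """Drop entries older than the window so the table stays bounded."""
        cutoff = self.clock() - self.window
        stale = [k for k, t in self._last_admitted.items() if t <= cutoff]
        for k in stale:
            del self._last_admitted[k]
        return len(stale)

def throttle_key(account, source_ip, shared_key=False):
    """Per account by default; per (account, IP) when many users share one key."""
    return ("acct+ip", account, source_ip) if shared_key else ("acct", account)

def simulate(events, shared_key=False):
    """Replay constructed (time, account, ip) events; return admit decisions."""
    now = [0.0]
    throttle = AttemptThrottle(clock=lambda: now[0])
    decisions = []
    for t, account, ip in events:
        now[0] = t
        decisions.append(throttle.admit(throttle_key(account, ip, shared_key)))
    return decisions

# Constructed sample traffic: (seconds, account, documentation-range source IP)
SAMPLE_EVENTS = [
    (0.0, "alice", "192.0.2.10"), (1.0, "alice", "198.51.100.7"),
    (5.0, "bob", "192.0.2.10"), (29.9, "alice", "192.0.2.10"),
    (30.0, "alice", "192.0.2.10"),
]
```

With per-account keys the second `alice` attempt is refused even though it comes from a different address; with `shared_key=True` each address gets its own window, which is the weaker per-IP fallback the post mentions.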