[{"data":1,"prerenderedAt":266},["ShallowReactive",2],{"term-b\u002Fbrute-force":3,"related-b\u002Fbrute-force":251},{"id":4,"title":5,"acronym":6,"body":7,"category":233,"description":234,"difficulty":235,"extension":236,"letter":237,"meta":238,"navigation":82,"path":239,"related":240,"seo":245,"sitemap":246,"stem":249,"subcategory":6,"__hash__":250},"terms\u002Fterms\u002Fb\u002Fbrute-force.md","Brute Force",null,{"type":8,"value":9,"toc":227},"minimark",[10,15,19,23,26,30,216,220,223],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"Brute force is the dumbest but sometimes effective hacking technique — just try every possible password until one works. No creativity needed. Hackers use bots that can try millions of combinations per second. Rate limiting, account lockouts, and long passwords are the defense.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"A brute force attack systematically tries all possible input combinations to find a valid credential or key. Online brute force targets login forms; offline brute force cracks stolen password hashes. Defenses include rate limiting, account lockout, CAPTCHA, MFA, and strong password policies.",[11,27,29],{"id":28},"show-me-the-code","Show Me The Code",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F Rate limit login attempts with express-rate-limit\nimport rateLimit from 'express-rate-limit';\n\nconst loginLimiter = rateLimit({\n  windowMs: 15 * 60 * 1000, \u002F\u002F 15 minutes\n  max: 5, \u002F\u002F 5 attempts per window\n  message: 'Too many login attempts, try again in 15 minutes',\n});\napp.post('\u002Flogin', loginLimiter, loginHandler);\n","javascript","",[38,39,40,49,77,84,107,138,154,172,183],"code",{"__ignoreMap":36},[41,42,45],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"sHwdD","\u002F\u002F Rate limit login attempts with express-rate-limit\n",[41,50,52,56,60,63,67,71,74],{"class":43,"line":51},2,[41,53,55],{"class":54},"s7zQu","import",[41,57,59],{"class":58},"sTEyZ"," rateLimit ",[41,61,62],{"class":54},"from",[41,64,66],{"class":65},"sMK4o"," '",[41,68,70],{"class":69},"sfazB","express-rate-limit",[41,72,73],{"class":65},"'",[41,75,76],{"class":65},";\n",[41,78,80],{"class":43,"line":79},3,[41,81,83],{"emptyLinePlaceholder":82},true,"\n",[41,85,87,91,94,97,101,104],{"class":43,"line":86},4,[41,88,90],{"class":89},"spNyl","const",[41,92,93],{"class":58}," loginLimiter ",[41,95,96],{"class":65},"=",[41,98,100],{"class":99},"s2Zo4"," rateLimit",[41,102,103],{"class":58},"(",[41,105,106],{"class":65},"{\n",[41,108,110,114,117,121,124,127,129,132,135],{"class":43,"line":109},5,[41,111,113],{"class":112},"swJcz","  windowMs",[41,115,116],{"class":65},":",[41,118,120],{"class":119},"sbssI"," 15",[41,122,123],{"class":65}," *",[41,125,126],{"class":119}," 60",[41,128,123],{"class":65},[41,130,131],{"class":119}," 1000",[41,133,134],{"class":65},",",[41,136,137],{"class":47}," \u002F\u002F 15 minutes\n",[41,139,141,144,146,149,151],{"class":43,"line":140},6,[41,142,143],{"class":112},"  max",[41,145,116],{"class":65},[41,147,148],{"class":119}," 5",[41,150,134],{"class":65},[41,152,153],{"class":47}," \u002F\u002F 5 attempts per window\n",[41,155,157,160,162,164,167,169],{"class":43,"line":156},7,[41,158,159],{"class":112},"  message",[41,161,116],{"class":65},[41,163,66],{"class":65},[41,165,166],{"class":69},"Too many login attempts, try again in 15 minutes",[41,168,73],{"class":65},[41,170,171],{"class":65},",\n",[41,173,175,178,181],{"class":43,"line":174},8,[41,176,177],{"class":65},"}",[41,179,180],{"class":58},")",[41,182,76],{"class":65},[41,184,186,189,192,195,197,199,202,204,206,209,211,214],{"class":43,"line":185},9,[41,187,188],{"class":58},"app",[41,190,191],{"class":65},".",[41,193,194],{"class":99},"post",[41,196,103],{"class":58},[41,198,73],{"class":65},[41,200,201],{"class":69},"\u002Flogin",[41,203,73],{"class":65},[41,205,134],{"class":65},[41,207,208],{"class":58}," loginLimiter",[41,210,134],{"class":65},[41,212,213],{"class":58}," loginHandler)",[41,215,76],{"class":65},[11,217,219],{"id":218},"when-youll-hear-this","When You'll Hear This",[16,221,222],{},"\"The login endpoint was getting brute forced — add rate limiting.\" \u002F \"A 12-character random password takes centuries to brute force.\"",[224,225,226],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":51,"depth":51,"links":228},[229,230,231,232],{"id":13,"depth":51,"text":14},{"id":21,"depth":51,"text":22},{"id":28,"depth":51,"text":29},{"id":218,"depth":51,"text":219},"security","Brute force is the dumbest but sometimes effective hacking technique — just try every possible password until one works. No creativity needed.","beginner","md","b",{},"\u002Fterms\u002Fb\u002Fbrute-force",[241,242,243,244],"Authentication","Two-Factor Authentication","DDoS","Password Manager",{"title":5,"description":234},{"changefreq":247,"priority":248},"weekly",0.7,"terms\u002Fb\u002Fbrute-force","1CjKmnhY7HChihMW2wCXnUSaujcD-MKphLaxNHdhqfc",[252,256,259,262],{"title":241,"path":253,"acronym":254,"category":233,"difficulty":235,"description":255},"\u002Fterms\u002Fa\u002Fauthentication","AuthN","Authentication is proving you are who you say you are.",{"title":243,"path":257,"acronym":243,"category":233,"difficulty":235,"description":258},"\u002Fterms\u002Fd\u002Fddos","DDoS (Distributed Denial of Service) is when thousands of computers flood your server with so much fake traffic that it can't handle real users.",{"title":244,"path":260,"acronym":6,"category":233,"difficulty":235,"description":261},"\u002Fterms\u002Fp\u002Fpassword-manager","A password manager remembers all your passwords so you don't have to reuse the same one everywhere.",{"title":242,"path":263,"acronym":264,"category":233,"difficulty":235,"description":265},"\u002Fterms\u002Ft\u002Ftwo-factor-authentication","2FA","2FA means you need two things to log in: something you know (password) and something you have (your phone).",1776518261483]