Brute force upon Source return? #4411
Unanswered
elpistoleroronaldo asked this question in Q&A
Replies: 1 comment
-
Thank you Ron for your question. GlobaLeaks implements many protections and rate limiting, but here I summarize the main detail that makes bruteforcing unfeasible by design. Receipts, to be used, need to be hashed with the Argon2id algorithm set to require 1 second of computation on the average computer and 128MB of RAM during the computation. You could read more details here: https://docs.globaleaks.org/en/stable/security/ApplicationSecurity.html
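An added example, not part of the original thread and not GlobaLeaks code: a small cost model built on the two figures in the reply above (about 1 second and 128MB per Argon2id hash), showing how the memory requirement caps the number of guesses that can run in parallel. The 16-digit receipt length and the hardware sizes are assumptions chosen for illustration.

```python
"""Cost model for guessing a receipt that must pass through Argon2id."""
from dataclasses import dataclass

# Figures stated in the reply above (128MB is treated as 128 MiB here).
SECONDS_PER_HASH = 1.0   # Argon2id tuned to about 1 s on an average computer
MIB_PER_HASH = 128       # RAM held for the whole duration of each hash

# Assumption, not stated on this page: the receipt is a 16-digit decimal code.
ASSUMED_RECEIPT_DIGITS = 16

SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass
class Estimate:
    parallel_hashes: int       # hashes that fit in cores and RAM at once
    guesses_per_second: float
    expected_years: float      # time to cover half the keyspace (average case)


def estimate(cores: int, ram_gib: int,
             digits: int = ASSUMED_RECEIPT_DIGITS) -> Estimate:
    """Model a machine where every guess costs one core-second and 128 MiB."""
    if cores < 1 or ram_gib < 1 or digits < 1:
        raise ValueError("cores, ram_gib and digits must be positive")
    by_memory = (ram_gib * 1024) // MIB_PER_HASH
    # Memory-hardness: adding cores stops helping once RAM is exhausted.
    parallel = min(cores, by_memory)
    rate = parallel / SECONDS_PER_HASH
    keyspace = 10 ** digits
    years = (keyspace / 2) / rate / SECONDS_PER_YEAR
    return Estimate(parallel, rate, years)


if __name__ == "__main__":
    # Constructed hardware profiles: (label, cores, RAM in GiB).
    for label, cores, ram in [("8 cores / 16 GiB", 8, 16),
                              ("1024 cores / 16 GiB", 1024, 16),
                              ("1024 cores / 256 GiB", 1024, 256)]:
        e = estimate(cores, ram)
        print(f"{label}: {e.parallel_hashes} parallel, "
              f"{e.guesses_per_second:.0f} guesses/s, "
              f"about {e.expected_years:,.0f} years on average")
```

The second profile comes out no faster than a 128-core machine with the same RAM, which is the effect of the memory cost in the Argon2id configuration.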
-
I've installed GlobaLeaks and judge it as nearly being ready for some clients - just a couple of questions about brute force prevention when a source returns to see the admin's response to their submission.
What do you have preventing attempts at brute forcing the access code for returning sources? Are you counting unsuccessful attempts or is there a check digit present or both?
I know my first couple of clients will be asking just this question when they see the walk-thru. Sorry, I DID attempt to search for the answer before I wrote in. Thanks for publishing such a great product. I see you are entirely clear of CVE listings and SecureDrop has 3 - 2 just from this year! Congrats on that!
Kindest Regards,
Ron