
But it doesn’t though! A typical laptop can easily hold tens of thousands of I/O connections open at once in your favorite async I/O environment - that number can be in the millions with careful optimizations applied. Each connection just needs a sleep(3) applied between the initial form request and the submission.

A 3 second form delay just means the difference between a spammer launching 1000000 requests and posting them immediately to your database, vs them launching 1000000 requests and posting them to your database 3 seconds later.



Who are we kidding here --- most likely, your server can't handle 1000000 simultaneous requests.

My servers don't have enough bandwidth for that. Most of the connections are going to get dropped one way or the other. In my case, they will be intentionally dropped as being a likely denial of service attack.


You don't need to keep a connection open assuming this is HTTP. Just send another request.

You're sending two requests either way; it doesn't matter that you're waiting 3s because you can just do it in parallel.


it doesn't matter that you're waiting 3s because you can just do it in parallel.

A little math for you:

An 8 char password using only letters and numbers has roughly 1 x 10^14 permutations. Just for the sake of argument, let's assume that your server and your service provider can actually handle 1000000 simultaneous, parallel requests from 1000000 different IPs.

It can't unless you're Google or Facebook running your own data centers but for the sake of argument let's just ignore that reality and push on.

To check every possible 8 character password by making 1 million parallel attempts at guessing the password every 3 seconds would take roughly 10 years. Luck being what it is, you'd probably only need to check half of them ... but that would still take 5 years.

Back in reality land, you'll be out of business before 5 years because you can't serve your paying customers. 1000000 parallel requests hitting a run-of-the-mill server is effectively a "denial of service" attack.

In reality land using servers that I run, your 1000000 different IPs would all be banned after about 30 seconds.
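The two comments above disagree about whether a 3 second form delay buys anything against a parallel guesser, and the second one does the arithmetic by hand and then relies on banning sources after about 30 seconds. The following is an added example, not code from either commenter: it carries the brute-force estimate through as a reusable function (using the thread's figures of a 62-symbol alphabet, 8 characters, 1000000 parallel guesses every 3 seconds) and pairs it with the defensive control the second commenter actually leans on, a per-source sliding-window failure limiter. The ban threshold (20 failures in 30 s), the one-hour ban length and the two client addresses are assumed values constructed for the demonstration, not the commenter's real configuration.

```python
"""Brute-force exhaustion estimate plus a per-source failure limiter.

Added example; not code from the thread. The alphabet, password length,
parallel-guess count and 3 s delay come from the comments above. The
limiter's threshold, window, ban length and client IPs are assumed values.
"""
from collections import defaultdict, deque

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return charset_size ** length


def seconds_to_exhaust(space: int, parallel: int, delay_s: float) -> float:
    """Wall-clock seconds to try every candidate when `parallel` guesses
    can be submitted every `delay_s` seconds (the per-form delay)."""
    rounds = -(-space // parallel)  # ceiling division: partial last round still costs a delay
    return rounds * delay_s


def years_to_exhaust(space: int, parallel: int, delay_s: float) -> float:
    return seconds_to_exhaust(space, parallel, delay_s) / SECONDS_PER_YEAR


class FailureLimiter:
    """Sliding-window limiter: a source that exceeds `max_failures` failed
    attempts within `window_s` seconds is banned for `ban_s` seconds.
    The default policy values are assumptions for this example."""

    def __init__(self, max_failures: int = 20, window_s: float = 30.0, ban_s: float = 3600.0):
        self.max_failures = max_failures
        self.window_s = window_s
        self.ban_s = ban_s
        self._events = defaultdict(deque)  # source -> timestamps of recent failures
        self._banned_until = {}            # source -> time at which the ban expires

    def is_banned(self, source: str, now: float) -> bool:
        until = self._banned_until.get(source)
        if until is None:
            return False
        if now >= until:
            del self._banned_until[source]  # ban expired; forget it
            return False
        return True

    def record_failure(self, source: str, now: float) -> bool:
        """Register one failed attempt at time `now`; return True if the
        source is (or has just become) banned."""
        if self.is_banned(source, now):
            return True
        q = self._events[source]
        q.append(now)
        # Discard failures that have slid out of the window.
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.max_failures:
            self._banned_until[source] = now + self.ban_s
            q.clear()
            return True
        return False


def simulate() -> dict:
    """Constructed scenario: one client honours the 3 s delay serially, the
    other opens many connections and submits them together after 3 s."""
    lim = FailureLimiter()
    # Serial client (constructed address): one wrong guess every 3 s for 30 s.
    slow_banned = any(lim.record_failure("10.0.0.1", float(t)) for t in range(0, 31, 3))
    # Parallel client (constructed address): 1000 submissions at t = 3 s.
    burst = [lim.record_failure("10.0.0.2", 3.0) for _ in range(1000)]
    return {
        "slow_banned": slow_banned,
        "burst_banned_at_attempt": burst.index(True) + 1,
        "years_at_thread_figures": years_to_exhaust(10**14, 10**6, 3.0),
    }


if __name__ == "__main__":
    print("62^8 =", keyspace(62, 8))
    print(simulate())
```

The estimate confirms the comment's figure: 10^14 candidates at 10^6 guesses per 3 seconds is about 9.5 years, and the exact 62^8 keyspace roughly doubles that. The limiter shows the other half of the argument: the delay itself does nothing to a client that parallelises, but a source that submits many guesses inside one window is banned on its 21st attempt, so the delay only matters in combination with per-source accounting.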
