DelayLockPolicy (HID Approve SDK for Android (5.1.2.2))

Skip navigation links

HID Approve SDK for Android (5.1.2.2)

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- com.hidglobal.ia.service.protectionpolicy.LockPolicy
- - com.hidglobal.ia.service.protectionpolicy.DelayLockPolicy

```
public class DelayLockPolicy
extends LockPolicy
```
An exponential delay is added for each failed authentication attempt using that credential.
In other words, a throttling mechanism in which the user has to wait a short time before attempting another try to prevent a potential attacker from guessing the password.
For each failed attempt a counter is incremented. The delay doubles for each failed attempt, but to avoid creating too much delay the counter value is capped at maxCounter.
This counter is reset on the next successful authentication attempt.
For example, with an initialDelay of 2 seconds and a maxCounter of 6 attempts we have the following:

Attempts Seconds Delay

1 2^1 = 2

2 2^2 = 4

3 2^3 = 8

4 2^4 = 16

5 2^5 = 32

6 or more 2^6 = 64

An attacker trying to brute force the password after the 6th attempt will incur a 1 minute delay for each password attempt.
Therefore based on minimum length 6 with a numeric password policy this could mean 10^6 minutes to find the right password (2 years)

See Also:

NIST recommended mechanism according to SP 800-63-3
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf

Nested Class Summary
- Nested classes/interfaces inherited from class com.hidglobal.ia.service.protectionpolicy.LockPolicy
  LockPolicy.LockType

Constructor Summary

Constructors
Constructor and Description

DelayLockPolicy(int maxCounter, int initialDelay)
Constructor

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`int`	`getInitialDelay()` Returns the initial delay in seconds.
`int`	`getMaxCounterValue()` Returns the maximum counter value after which exponential delay is fixed.
`String`	`toString()` Displays a readable description of the lock policy.

Methods inherited from class com.hidglobal.ia.service.protectionpolicy.LockPolicy
getType

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - DelayLockPolicy
```
public DelayLockPolicy(int maxCounter,
                       int initialDelay)
```
    Constructor
    
    Parameters:
    
    maxCounter - maximum counter value after which exponential delay is fixed
    
    initialDelay - initial delay in seconds
- Method Detail
  - getInitialDelay
```
public int getInitialDelay()
```
    Returns the initial delay in seconds.
    
    Returns:
    
    the maximum counter value after which exponential delay is fixed.
  - getMaxCounterValue
```
public int getMaxCounterValue()
```
    Returns the maximum counter value after which exponential delay is fixed.
    
    Returns:
    
    the maximum counter value after which exponential delay is fixed.
  - toString
```
public String toString()
```
    Displays a readable description of the lock policy.
    
    Overrides:
    
    toString in class Object
    
    Returns:
    
    the string description
    
    See Also:
    
    Object.toString()

Skip navigation links

HID Approve SDK for Android (5.1.2.2)

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright � 2005-2020 HID Global Corporation/ASSA ABLOY AB.