Projects with this topic
Keycloak PoW Extension — adds computational PoW (proof-of-work) challenges to login, registration, and password-reset flows. Protects against bot spam and brute-force attacks by requiring clients to solve a light cryptographic puzzle before authenticating. Uses Argon2 (memory-hard, GPU-resistant) or SHA-256, with IP-adaptive difficulty that scales challenge hardness based on per-IP request patterns. Rate state is stored in Infinispan, enabling shared difficulty tracking across clustered Keycloak instances. Deploy as a standard Keycloak SPI plugin — works with any Keycloak 26.6 instance.
Three-layer defense on every submission:
- Honeypot — silently rejects bots that auto-fill all form fields
- Solve-time validation — rejects submissions arriving faster than the configured minimum (default 500ms)
- Hash verification — verifies proof-of-work correctness and prevents nonce replay attacks