Island: Remove throttle and make OTP 16 characters instead

monkey/monkey_island/cc/services/authentication_service/authentication_facade.py

@@ -1,7 +1,6 @@
 import string
 import time
 from threading import Lock
-from time import sleep
 from typing import Sequence, Tuple
 
 from flask_security import UserDatastore
@@ -16,10 +15,8 @@
 from .i_otp_repository import IOTPRepository
 from .user import User
 
-# With these parameters, the change to guess the OTP is 1 in 39 708 307 (if network latency is 0)
 OTP_EXPIRATION_TIME = 2 * 60  # 2 minutes
-OTP_THROTTLE_TIME = 0.001
-OTP_LENGTH = 7
+OTP_LENGTH = 16
 
 
 class AuthenticationFacade:
@@ -115,8 +112,6 @@ def authorize_otp(self, otp: OTP) -> bool:
         # SECURITY: This method must not run concurrently, otherwise there could be TOCTOU errors,
         # resulting in an OTP being used twice.
         with self._otp_read_lock:
-            # Add a small throttle to prevent brute force attacks
-            sleep(OTP_THROTTLE_TIME)
             try:
                 otp_is_used = self._otp_repository.otp_is_used(otp)
                 # When this method is called, that constitutes the OTP being "used".