[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tpop3d-discuss] Patch to prevent brute force password cracking
|
From: |
Yann GROSSEL |
|
Subject: |
[tpop3d-discuss] Patch to prevent brute force password cracking |
|
Date: |
Wed, 16 Oct 2002 13:35:16 +0200 |
Hi,
I'm looking for a new pop server to replace our aging qpopper,
and I found that tpop3d seems to be really nice. However there
are a few things I'd like to see in the pop daemon we'll use
that tpop3d lacks for the moment :
- delayed error responses (at least during authentification), to
prevent an attacker from doing brute force password cracking. That
is, once an user has attempted a wrong APOP or USER/PASS command,
the ERR answer doesn't come immediately, but only after a few seconds.
I've done a quick (attached) patch that do the thing. I'd like to
know what do you think about such a feature, and about my implementation ?
- multiple mysql servers (we'll be using a mysql cluster). I've
seen that this feature has been added to the TODO file in CVS and
I'm willing to implement it. I've already done a small patch that
seem to work but it still has a few problems. I'll keep working on
it.
Thanks in advance for your feedback :)
Yann GROSSEL
tpop3d-CVS-delayed-responses.patch
Description: Binary data
- [tpop3d-discuss] Patch to prevent brute force password cracking,
Yann GROSSEL <=