[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tpop3d-discuss] Patch to prevent brute force password cracking
From: |
Paul Makepeace |
Subject: |
Re: [tpop3d-discuss] Patch to prevent brute force password cracking |
Date: |
Wed, 16 Oct 2002 12:48:10 +0100 |
User-agent: |
Mutt/1.4i |
On Wed, Oct 16, 2002 at 01:35:16PM +0200, Yann GROSSEL wrote:
> - delayed error responses (at least during authentification), to
> prevent an attacker from doing brute force password cracking. That
Cool idea.
FWIW, I'd personally prefer to see it down to a couple of seconds
(rather than five), #define'd somewhere (maybe) and, for style points
and to prevent irritation during debugging, only doing the delay after
the *second (2nd)* authentication failure.
Also FWIW, in practice a single second is enough to prevent a
password attack.
Cheers,
Paul
--
Paul Makepeace ....................................... http://paulm.com/
"If you have an extra dollar, then don't bend over in the Monastery."
-- http://paulm.com/toys/surrealism/