[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

login sleeps too long on incorrect logins...

To: tech@openbsd.org
Subject: login sleeps too long on incorrect logins...
From: "Denis A. Doroshenko" <d.doroshenko@omnitel.net>
Date: Mon, 4 Jun 2001 14:59:26 +0200

hello, not once i noticed, that login sleeps too long on incorrect
logins (bad username). it is noticeably longer than failure for account
when bad password is supplied. as i see from src/usr.bin/login/login.c
it is simple sleep with random time (1..3 secs). wouldn't it better to
try encrypt some random string with crypt(3) to get delay emulating the
pause? just because on my 486 this pause is ok, but on my celeron 300 i
can clearly distinct between non-existing user and bad-password
incorrect logins...

-- 
Denis A. Doroshenko  [GPRS/IN/WAP, VAS group engineer] .-.        _|_  |
[Omnitel Ltd., T.Sevcenkos st. 25, Vilnius, Lithuania] | | _ _  _ .| _ |
[Phone: +370 9863486 E-mail: d.doroshenko@omnitel.net] |_|| | || |||(/_|_

Follow-Ups:
- Re: login sleeps too long on incorrect logins...
  - From: Daniel Grunblatt <daniel@grunblatt.com.ar>

Prev by Date: no audio[1-9]? [MAKEDEV changes 'tween 2.8 and 2.9]
Next by Date: Re: login sleeps too long on incorrect logins...
Prev by thread: no audio[1-9]? [MAKEDEV changes 'tween 2.8 and 2.9]
Next by thread: Re: login sleeps too long on incorrect logins...
Index(es):
- Date
- Thread