[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: login sleeps too long on incorrect logins...

To: Daniel Grunblatt <daniel@grunblatt.com.ar>
Subject: Re: login sleeps too long on incorrect logins...
From: "Denis A. Doroshenko" <d.doroshenko@omnitel.net>
Date: Mon, 4 Jun 2001 16:31:09 +0200
Cc: tech@openbsd.org
References: <011001c0ecfb$6454f650$b503000a@STEALTH> <Pine.LNX.4.10.10106041110400.15339-100000@ambar.ofermundo.com.ar>

so what? it's random in range 1..3 seconds. but at the same time
crypt(3) takes less than 0.2 seconds. so login on wrong usernames login
sleeps for 5 times more than on good usernames. that's the thing to
consider. if you talk about delaying agains brute force login does it no
matter good or bad username is.

On Mon, Jun 04, 2001 at 11:11:34AM -0300, Daniel Grunblatt wrote:
> No pal, it's a random time.
> 

-- 
Denis A. Doroshenko  [GPRS/IN/WAP, VAS group engineer] .-.        _|_  |
[Omnitel Ltd., T.Sevcenkos st. 25, Vilnius, Lithuania] | | _ _  _ .| _ |
[Phone: +370 9863486 E-mail: d.doroshenko@omnitel.net] |_|| | || |||(/_|_

Follow-Ups:
- Re: login sleeps too long on incorrect logins...
  - From: Daniel Grunblatt <daniel@grunblatt.com.ar>

References:
- Re: login sleeps too long on incorrect logins...
  - From: "Tony Lambiris" <tlambiris@skillsoft.com>
- Re: login sleeps too long on incorrect logins...
  - From: Daniel Grunblatt <daniel@grunblatt.com.ar>

Prev by Date: Re: login sleeps too long on incorrect logins...
Next by Date: Re: Network configuration
Prev by thread: Re: login sleeps too long on incorrect logins...
Next by thread: Re: login sleeps too long on incorrect logins...
Index(es):
- Date
- Thread