tpop3d-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tpop3d-discuss] Patch to prevent brute force password cracking

From: Paul Makepeace
Subject: Re: [tpop3d-discuss] Patch to prevent brute force password cracking
Date: Wed, 16 Oct 2002 12:48:10 +0100
User-agent: Mutt/1.4i 
On Wed, Oct 16, 2002 at 01:35:16PM +0200, Yann GROSSEL wrote:
> - delayed error responses (at least during authentification), to
> prevent an attacker from doing brute force password cracking. That

Cool idea.

FWIW, I'd personally prefer to see it down to a couple of seconds
(rather than five), #define'd somewhere (maybe) and, for style points
and to prevent irritation during debugging, only doing the delay after
the *second (2nd)* authentication failure.

Also FWIW, in practice a single second is enough to prevent a
password attack.

Cheers,
Paul


-- 
Paul Makepeace ....................................... http://paulm.com/

"If you have an extra dollar, then don't bend over in the Monastery."
   -- http://paulm.com/toys/surrealism/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]