[tpop3d-discuss] Patch to prevent brute force password cracking
Paul Makepeace
Paul.Makepeace at realprogrammers.com
Wed, 16 Oct 2002 12:48:10 +0100
On Wed, Oct 16, 2002 at 01:35:16PM +0200, Yann GROSSEL wrote:
> - delayed error responses (at least during authentification), to
> prevent an attacker from doing brute force password cracking. That
Cool idea.
FWIW, I'd personally prefer to see it down to a couple of seconds
(rather than five), #define'd somewhere (maybe) and, for style points
and to prevent irritation during debugging, only doing the delay after
the *second (2nd)* authentication failure.
Also FWIW, in practice a single second is enough to prevent a
password attack.
Cheers,
Paul
--
Paul Makepeace ....................................... http://paulm.com/
"If you have an extra dollar, then don't bend over in the Monastery."
-- http://paulm.com/toys/surrealism/