[Freeciv-Dev] Re: client/server authentication (PR#1767)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Wed, Jun 04, 2003 at 10:01:24AM -0700, Reinier Post wrote:
> > > I didn't test the patch yet but this sounds wrong. There shouldn't be
> > > a timeout for a good password.
> >
> > You mean a delay?
> >
> > But that is what ssh does. Needs to be, over net, I think.
>
> No, the delay is only set if the password is found to be incorrect.
> Same with /bin/login.
SSH does a delay *before* it asks for the password (or is this my slow
machines?). Then it limits the guesses.
If there is only a delay with *wrong* passwords, you can make an attack:
whenecer you notice a delay, disconnect and try again.
Christian
--
Christian Knoke * * * http://www.enter.de/~c.knoke/
* * * * * * * * * Ceterum censeo Microsoft esse dividendum.
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/03
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), ChrisK@xxxxxxxx, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Paul Zastoupil, 2003/06/06
|
|
