[Freeciv-Dev] Re: client/server authentication (PR#1767)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Wed, Jun 04, 2003 at 01:47:17PM -0700, ChrisK@xxxxxxxx wrote:
> On Wed, Jun 04, 2003 at 10:01:24AM -0700, Reinier Post wrote:
> > > > I didn't test the patch yet but this sounds wrong. There shouldn't be
> > > > a timeout for a good password.
> > >
> > > You mean a delay?
> > >
> > > But that is what ssh does. Needs to be, over net, I think.
> >
> > No, the delay is only set if the password is found to be incorrect.
> > Same with /bin/login.
>
> SSH does a delay *before* it asks for the password (or is this my slow
> machines?). Then it limits the guesses.
This is your connection. ssh has to do a key exchange before it offers
you the password prompt. Two very fast machines on the same wire
experience nearly no delay.
>
> If there is only a delay with *wrong* passwords, you can make an attack:
> whenecer you notice a delay, disconnect and try again.
--
Paul Zastoupil
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/03
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), ChrisK@xxxxxxxx, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Raimar Falke, 2003/06/06
- Message not available
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Paul Zastoupil, 2003/06/06
|
|
