S090726@UMRVMA.UMR.EDU ("Bob B. Funchess") (11/14/89)
"Why does it take the system so long to realize that the login is incorrect?"
I haven't OFFICIALLY been told this, but I've been assuming that's not a bug,
it's a feature: hacker programs designed to try to guess passwords can only
retry once every 5 seconds or so, since the delay is about that long. We
actually hope this ISN'T fixed. It seems a more reasonable method than the
"3-try limit" that some mainframes use, since waiting 20 or 30 seconds to get
your password right after 5 tries is better than waiting 5 minutes for the
system to let you try again after messing up 3 times.
It doesn't seem that the "problem" is related to the size of the passwd file,
since it recognizes a correct login instantaneously on a human timescale.
< Bob S090726@UMRVMA.UMR.EDU Funchess >vjs@rhyolite.wpd.sgi.com (Vernon Schryver) (11/15/89)
In article <8911140002.aa23726@SMOKE.BRL.MIL>, S090726@UMRVMA.UMR.EDU ("Bob B. Funchess") writes: > "Why does it take the system so long to realize that the login is incorrect?" > > I haven't OFFICIALLY been told this, but I've been assuming that's not a bug, > it's a feature...[but is a securty patch]. > > < Bob S090726@UMRVMA.UMR.EDU Funchess > You're right. Vernon Schryver Silicon Graphics vjs@sgi.com