S090726@UMRVMA.UMR.EDU ("Bob B. Funchess") (11/14/89)
"Why does it take the system so long to realize that the login is incorrect?" I haven't OFFICIALLY been told this, but I've been assuming that's not a bug, it's a feature: hacker programs designed to try to guess passwords can only retry once every 5 seconds or so, since the delay is about that long. We actually hope this ISN'T fixed. It seems a more reasonable method than the "3-try limit" that some mainframes use, since waiting 20 or 30 seconds to get your password right after 5 tries is better than waiting 5 minutes for the system to let you try again after messing up 3 times. It doesn't seem that the "problem" is related to the size of the passwd file, since it recognizes a correct login instantaneously on a human timescale. < Bob S090726@UMRVMA.UMR.EDU Funchess >
vjs@rhyolite.wpd.sgi.com (Vernon Schryver) (11/15/89)
In article <8911140002.aa23726@SMOKE.BRL.MIL>, S090726@UMRVMA.UMR.EDU ("Bob B. Funchess") writes: > "Why does it take the system so long to realize that the login is incorrect?" > > I haven't OFFICIALLY been told this, but I've been assuming that's not a bug, > it's a feature...[but is a securty patch]. > > < Bob S090726@UMRVMA.UMR.EDU Funchess > You're right. Vernon Schryver Silicon Graphics vjs@sgi.com