Your password is now easier to crack than you think : comments [Funk Babblings]

Wouldn't restricting login attempts to a small a number as once per second take care of that problem?

I mean, true it wouldn't work for login attempts that keep on changing usernames (unless you restricted by IP, but that is not practical for many uses), but I don't see those as being a problem as long as your number of users is sufficiently large.

[parent entry] [link] [reply]

Depends on whether the attacker can bypass that restriction. Often attackers can get the (encrypted) password database, and try as often as they want.

[link] [parent] [reply]

Oh. That makes sense then.

How do they typically get it?

[link] [parent] [reply]

Network-facing services often have holes (bugs) that allow someone to grab arbitrary files from the system. They just have to know how to exploit the problem and grab the file they want.

[link] [parent] [reply]

Ok. I thought for some reason that most systems (at least run by competent sysadmins) didn't have these holes, or at least holes that anyone had found.

[link] [parent] [reply]

Well first, you have a lot of questionable conditions there, such as "competent sysadmins". :-)
Second, you have to define "anyone". There are certainly holes that are unknown to the good guys, but known to the bad guys.

Also, going back to your earlier question, it's not always possible to limit the number of logins, depending on the protocol being used.

[link] [parent] [reply]

Sun	Mon	Tue	Wed	Thu	Fri	Sat
				1	2	3
4	5	6	7	8	9	10
11	12	13 1	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Funk Babblings

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

April