[Pkg-shadow-devel] Bug#463113: Bug#463113: closed by Nicolas François <nicolas.francois at centraliens.net> (Re: Bug#463113: login: delay when password was typed incorrectly is security measure of the past)

[Alexander Gattin]

Hi,

On Wed, Jan 30, 2008 at 05:47:07PM +0100, Folkert van Heusden wrote:
> What about parallel logins?

Number of parallel logins is limited to:
1. number of nproc/nofile for root user
2. max number of PIDs on a system
3. speed of CPU context switches
4. in case of login-KILL attempts,
   the brute force attacker will still
   have to maitain some timeout (try
   some real world tcl/expect code and
   it will become obvious for you)
   for guessing when the pasword was
   wrong, and there is also a program
   load/start delay of approx. 2ms
   (see http://shootout.alioth.debian.org/gp4/benchmark.php?test=hello&lang=all).

-- 
With best regards,
xrgtn (+380501102966/+380636177128/ICQ:381730053/xrgtn at jabber.kiev.ua)