From: Rob Owens on
On Mon, Jun 21, 2010 at 05:07:33PM -0500, Ron Johnson wrote:
> On 06/21/2010 04:47 PM, Celejar wrote:
>> On Mon, 21 Jun 2010 23:35:37 +0200
>> Merciadri Luca<Luca.Merciadri(a)student.ulg.ac.be> wrote:
>>
>>> Hi,
>>>
>>> I use GNOME.
>>>
>>> I have noticed that if I type some erroneous password to leave the
>>> screensaver mode, GNOME takes ~3 or 4 secs. to tell me that it is
>>> erroneous. If I type the correct password, I am directly sent in my
>>> session. Why does it take so much time to tell me that a password is
>>> erroneous? I can even know if I made a typo by looking at how much time
>>> it takes!
>>
>> Same thing with xscreensaver. I think that a lot of software that asks
>> for a password behaves like this, perhaps to prevent brute-forcing?
>> I'm not sure if brute-forcing is possible on a GUI, though.
>>
>
> Since I notice the same issue when logging in from the console, could it
> be a problem with libpam?
>
/etc/pam.d/login contains this on my system:

# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000

-Rob


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/20100623213257.GA13324(a)aurora.owens.net
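
An added example, not part of the original thread: a small Python audit of the failure delay that the auth lines of a PAM service file request, as in the /etc/pam.d/login excerpt above. The sample stacks are constructed, @include lines are not followed, and the 2-second pam_unix default is an assumption about that module's built-in behaviour.

```python
import re

# Assumption: pam_unix requests a 2 s delay on failure unless "nodelay" is given.
PAM_UNIX_DEFAULT_US = 2_000_000

# type  control (plain word or [bracketed list])  module  arguments
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def requested_delays(pam_text):
    """Map each auth module that requests a failure delay to microseconds.

    None means pam_faildelay has no delay= argument and falls back to
    FAIL_DELAY from login.defs, which this sketch does not read.
    """
    delays = {}
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = LINE_RE.match(line)                  # "@include ..." never matches
        if not m or m.group(1) != "auth":
            continue
        module = m.group(3).rsplit("/", 1)[-1]   # accept absolute module paths
        args = m.group(4).split()
        if module == "pam_faildelay.so":
            value = next((a.split("=", 1)[1] for a in args
                          if a.startswith("delay=")), None)
            delays[module] = int(value) if value is not None else None
        elif module == "pam_unix.so" and "nodelay" not in args:
            delays[module] = PAM_UNIX_DEFAULT_US
    return delays

def minimal_fail_delay_us(pam_text):
    """Longest known request; PAM bases the actual (randomized) delay on it."""
    known = [d for d in requested_delays(pam_text).values() if d is not None]
    return max(known, default=0)

# Constructed sample: the line quoted in the thread plus a typical pam_unix line.
SAMPLE_LOGIN = """\
# Enforce a minimal delay in case of failure (in microseconds).
auth       optional   pam_faildelay.so  delay=3000000
auth       [success=1 default=ignore]  pam_unix.so nullok_secure
auth       requisite  pam_deny.so
"""
# Constructed sample: a stack in which no module requests a delay.
SAMPLE_NODELAY = "auth  required  pam_unix.so nodelay\n"

if __name__ == "__main__":
    print(requested_delays(SAMPLE_LOGIN), minimal_fail_delay_us(SAMPLE_LOGIN))
    print(requested_delays(SAMPLE_NODELAY), minimal_fail_delay_us(SAMPLE_NODELAY))
```

A result of 0 means nothing in that file slows down repeated failed attempts; the delay may still come from an included file such as common-auth.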
From: Merciadri Luca on
Rob Owens <rowens(a)ptd.net> writes:

> On Mon, Jun 21, 2010 at 05:07:33PM -0500, Ron Johnson wrote:
>> On 06/21/2010 04:47 PM, Celejar wrote:
>>> On Mon, 21 Jun 2010 23:35:37 +0200
>>> Merciadri Luca<Luca.Merciadri(a)student.ulg.ac.be> wrote:
>>>
>>>> Hi,
>>>>
>>>> I use GNOME.
>>>>
>>>> I have noticed that if I type some erroneous password to leave the
>>>> screensaver mode, GNOME takes ~3 or 4 secs. to tell me that it is
>>>> erroneous. If I type the correct password, I am directly sent in my
>>>> session. Why does it take so much time to tell me that a password is
>>>> erroneous? I can even know if I made a typo by looking at how much time
>>>> it takes!
>>>
>>> Same thing with xscreensaver. I think that a lot of software that asks
>>> for a password behaves like this, perhaps to prevent brute-forcing?
>>> I'm not sure if brute-forcing is possible on a GUI, though.
>>>
>>
>> Since I notice the same issue when logging in from the console, could it
>> be a problem with libpam?
>>
> /etc/pam.d/login contains this on my system:
>
> # Enforce a minimal delay in case of failure (in microseconds).
> # (Replaces the `FAIL_DELAY' setting from login.defs)
> # Note that other modules may require another minimal delay. (for example,
> # to disable any delay, you should add the nodelay option to pam_unix)
> auth optional pam_faildelay.so delay=3000000

Thanks for mentioning this.

- --
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
- --

The whole dignity of man lies in the power of thought.
