Unrelated IP addresses
Posted Oct 24, 2009 15:38 UTC (Sat) by ikm (subscriber, #493)
I think though, too, the password lists are limited to some most common passwords only (e.g. 123, qwerty and so on). I think in that sense server-side password auditing would be enough to secure the host.
Posted Oct 26, 2009 16:07 UTC (Mon) by giraffedata (subscriber, #1954)
Multiply by 1000 nodes and you get 1000 attempts per hour.
And divide that by 1000 nodes and you get 1 attempt per hour, and since my actions will secure 1 of the 1000 nodes, that's the number that matters for me.
I think we're talking about two kinds of hacks: 1) someone wants into my system; 2) someone wants into any system. In (2), there's no reason for the hacker to hit my system frequently, but there's also correspondingly less chance he'll get into my system.
Hey, another statistical reality: the user's password change interval is irrelevant to the probability of successfully guessing. The expected number of guesses it takes is the same no matter how many times the password changes while the guessing is going on.
Posted Oct 26, 2009 19:19 UTC (Mon) by ikm (subscriber, #493)
Posted Oct 26, 2009 19:35 UTC (Mon) by NAR (subscriber, #1313)
Posted Oct 26, 2009 19:45 UTC (Mon) by ikm (subscriber, #493)
Posted Oct 26, 2009 22:26 UTC (Mon) by dlang (✭ supporter ✭, #313)
unless you say you are locking the _user_ out from any IP address for 2 min.
if that's the case an attacker will just DOS you so that you can't log in to the box yourself.
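The trade-off raised in this thread (1000 unrelated nodes each guessing about once an hour, versus locking the user out from any IP address for 2 minutes) can be replayed over constructed login events. This is an added illustration, not code from any of the posters; the failure threshold, the addresses and the user name `alice` are assumptions made for the example.

```python
from collections import defaultdict

LOCK_SECONDS = 120   # the 2-minute lockout discussed in the thread
MAX_FAILURES = 3     # assumed threshold; the thread does not give one

def constructed_events(nodes=1000, span=3600):
    """Constructed sample: every node fails once per hour against 'alice',
    while the real alice logs in correctly every 10 minutes."""
    guesses = [(i * span // nodes, f"10.0.{i // 250}.{i % 250}", "alice", False)
               for i in range(nodes)]
    owner = [(t, "192.0.2.10", "alice", True) for t in range(300, span, 600)]
    return sorted(guesses + owner)

def simulate(events, key):
    """Replay events under a lockout keyed on key(ip, user)."""
    failures = defaultdict(list)      # key -> recent failure timestamps
    locked_until = {}
    stats = {"guesses_evaluated": 0, "guesses_blocked": 0, "owner_denied": 0}
    for t, ip, user, ok in events:
        k = key(ip, user)
        if locked_until.get(k, 0) > t:             # lock still active
            stats["owner_denied" if ok else "guesses_blocked"] += 1
            continue
        if ok:
            continue                               # successful login
        stats["guesses_evaluated"] += 1
        recent = [x for x in failures[k] if t - x < LOCK_SECONDS] + [t]
        failures[k] = recent
        if len(recent) >= MAX_FAILURES:
            locked_until[k] = t + LOCK_SECONDS
            failures[k] = []
    return stats

def compare():
    """Run the same events under a per-IP and a per-user lockout."""
    events = constructed_events()
    return {"per_ip": simulate(events, lambda ip, user: ip),
            "per_user": simulate(events, lambda ip, user: user)}

if __name__ == "__main__":
    for policy, stats in compare().items():
        print(policy, stats)
```

Keyed on the source IP, the lock never triggers because no single address fails more than once; keyed on the user, most guesses are blocked but the account owner's correct logins are denied as well.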
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.