On Sun, 20 Mar 2011 12:53:05 +1300
Jose Mathew Manimala <josemanimala@xxxxxxxxx> wrote:

> Also, I would think we should not allow for same characters adjacent
> to each other.
>
> For ex, Say - "rep@rcuss1on" this would be hard but a brute force can
> still crack this.... (offline password crack using johntheripper
> recent rootkit.com exploit).

well, we want to be careful not to make it too restrictive...
because if you have enough rules you are reducing the pool of possible
addresses, in the end making it easier to brute force. :)
(so long as the rules are known, and we would need to tell our users
that, so an attacker would know as well).

Setting up a slowdown in fas for login attempts could also help prevent
brute force. (ie, failed attempts take 2x as long each time, etc).

kevin
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
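
The login slowdown suggested in the message above (each failed attempt takes twice as long as the last), as an added Python example that is not part of the original thread and is not FAS code. The class and function names, the one-second base delay, the cap and the per-account keying are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Per-account wait that doubles after every consecutive failed login."""

    def __init__(self, base_delay=1.0, max_delay=900.0, clock=time.monotonic):
        self.base_delay = base_delay  # assumed: wait after the first failure (s)
        self.max_delay = max_delay    # assumed cap, so a lockout is never permanent
        self.clock = clock            # injectable so the logic can be tested
        self._state = {}              # username -> (failures, time of last failure)

    def retry_after(self, username):
        """Seconds the account must still wait before another attempt is checked."""
        failures, last = self._state.get(username, (0, 0.0))
        if failures == 0:
            return 0.0
        # 1x, 2x, 4x, ... the base delay; exponent bounded to keep the float finite
        delay = min(self.base_delay * 2 ** min(failures - 1, 32), self.max_delay)
        return max(0.0, last + delay - self.clock())

    def attempt(self, username, check_password):
        """check_password is a zero-argument callable returning True or False."""
        if self.retry_after(username) > 0:
            # Refuse without verifying, so a guess made too early tells nothing.
            return "throttled"
        if check_password():
            self._state.pop(username, None)  # success resets the counter
            return "ok"
        failures, _ = self._state.get(username, (0, 0.0))
        self._state[username] = (failures + 1, self.clock())
        return "failed"


def waits_after_failures(count, **kwargs):
    """Constructed demo: wait imposed after each of `count` failures in a row."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **kwargs)
    waits = []
    for _ in range(count):
        throttle.attempt("alice", lambda: False)
        waits.append(throttle.retry_after("alice"))
        now[0] += waits[-1]  # the next guess arrives as soon as it is allowed
    return waits


if __name__ == "__main__":
    print(waits_after_failures(6, max_delay=16.0))  # [1.0, 2.0, 4.0, 8.0, 16.0, 16.0]
```

Keying the wait on the account alone lets anyone delay a legitimate user's login, which is why the wait is capped. It also has no effect on the offline cracking mentioned in the quoted message, since that never touches the login path.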