Re: FAS password complexity requirements

On 20/03/2011 1:09 p.m., Kevin Fenzi wrote:
> On Sun, 20 Mar 2011 12:53:05 +1300
> Jose Mathew Manimala <josemanimala@xxxxxxxxx> wrote:
>
>> Also, I would think we should not allow for same characters adjacent
>> to each other.
>>
>> For ex, Say - "rep@rcuss1on" this would be hard but a brute force can
>> still crack this....  (offline password crack using johntheripper
>> recent rootkit.com exploit).
>
> well, we want to be careful not to make it too restrictive... because
> if you have enough rules you are reducing the pool of possible
> addresses, in the end making it easier to brute force. :)
> (so long as the rules are known, and we would need to tell our users
> that, so an attacker would know as well).
>
> Setting up a slowdown in fas for login attempts could also help prevent
> brute force. (ie, failed attempts take 2x as long each time, etc).
>
> kevin
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure

True, :).  or a captcha could work as well.
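
The login slowdown suggested in the quoted message (each failed attempt takes twice as long as the last), sketched as an added example that is not part of the original thread and is not FAS code. The class and function names, the 1-second base delay, the 900-second cap and the sample account are assumptions.

```python
import hmac
import time

class LoginThrottle:
    """Per-account delay that doubles after each consecutive failed login."""

    def __init__(self, base=1.0, cap=900.0, clock=time.monotonic):
        self.base, self.cap, self.clock = base, cap, clock
        self._state = {}  # username -> (consecutive failures, time of last failure)

    def delay_for(self, failures):
        # 0 failures: no delay; then base, 2*base, 4*base, ... capped so a
        # targeted account is slowed down but never locked out for good.
        if failures == 0:
            return 0.0
        return min(self.base * 2 ** min(failures - 1, 32), self.cap)

    def seconds_until_allowed(self, username):
        failures, last = self._state.get(username, (0, 0.0))
        return max(0.0, last + self.delay_for(failures) - self.clock())

    def attempt(self, username, password, verify):
        """Return (checked, authenticated). While the delay is running the
        password is not checked at all, so early guesses reveal nothing."""
        if self.seconds_until_allowed(username) > 0:
            return False, False
        ok = verify(username, password)
        if ok:
            self._state.pop(username, None)      # success resets the counter
        else:
            failures, _ = self._state.get(username, (0, 0.0))
            self._state[username] = (failures + 1, self.clock())
        return True, ok

USERS = {"alice": "correct horse battery"}       # constructed sample account

def verify(username, password):
    return hmac.compare_digest(USERS.get(username, ""), password)

def seconds_to_check(guesses, username="alice"):
    """Waiting time an online guesser accumulates to get every guess checked."""
    now = [0.0]                                   # manually advanced clock
    throttle = LoginThrottle(clock=lambda: now[0])
    for guess in guesses:
        now[0] += throttle.seconds_until_allowed(username)
        if throttle.attempt(username, guess, verify)[1]:
            break
    return now[0]
```

With these settings twelve wrong guesses against one account already cost 1923 seconds of waiting. The delay applies only to guessing through the login form and does nothing against offline cracking of a leaked hash.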