On Sun, Oct 07, 2007 at 05:33:45PM +0200, Lubomir Kundrak wrote: > So what about trying to hide the machine name? This is plain nonsense. If its a key to something why not ? > Time that was spent avoiding timing `attacks' was wasted. The _password_ > is meant to be a key that is to be hidden, not the account name. If > anything, dictionary attacks can be done against the username-password > pair also. And the amount of work required grows enormously. I'd refer you to the cisco VPN flaws which clearly demonstrated there are situations where hiding the user name is enormously beneficial and made the cracking time much much longer. Alan -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
