On Sun, 2007-10-07 at 12:30 -0400, Alan Cox wrote: > On Sun, Oct 07, 2007 at 11:43:53AM -0400, Steve Grubb wrote: > > Yes that is true. But not having a valid account name doubles the complexity > > and requires you to work even longer. > > More than doubles. You've now got to guess two items from the dictionary as > a matching pair. Thats like trying to throw double one rather than a single > one on dice (only these dice are multi-million sided) Right. And now add guessing of the machine's address to the complexity of bruteforcing the login information. Would the system, where an user would have to know ten passwords and five usernames be more secure than one, where account is protected just with the password? If yes, why don't we do that now? -- Lubomir Kundrak (Red Hat Security Response Team) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
