On Tue, Jul 19, 2016 at 11:10 PM, C0r3dump3d <coredump@xxxxxxxxxxxxx> wrote:
> Hi, sorry I don't know if I send this to the correct channel.
It is.
[..]
> it's possible in certain circumstances to provoke a DOS
> condition in the access to the ssh server.
We have been discussing this a bit, and what we have just added is a
simple hard limit on the allowed size of a password string at 1k,
above which the password is immediately refused. There's other
possible embellishments (eg, add a possibly variable delay) but we
haven't decided on any yet.
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
