Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?

[Rob Owens <rowens@ptd.net>]

On Mon, Jun 21, 2010 at 05:07:33PM -0500, Ron Johnson wrote:
> On 06/21/2010 04:47 PM, Celejar wrote:
>> On Mon, 21 Jun 2010 23:35:37 +0200
>> Merciadri Luca<Luca.Merciadri@student.ulg.ac.be>  wrote:
>>
>>> Hi,
>>>
>>> I use GNOME.
>>>
>>> I have noticed that if I type some erroneous password to leave the
>>> screensaver mode, GNOME takes ~3 or 4 secs. to tell me that it is
>>> erroneous. If I type the correct password, I am directly sent in my
>>> session. Why does it take so much time to tell me that a password is
>>> erroneous? I can even know if I made a typo by looking at how much time
>>> it takes!
>>
>> Same thing with xscreensaver.  I think that a lot of software that asks
>> for a password behaves like this, perhaps to prevent brute-forcing?
>> I'm not sure if brute-forcing is possible on a GUI, though.
>>
>
> Since I notice the same issue when logging in from the console, could it 
> be a problem with libpam?
>
/etc/pam.d/login contains this on my system:

# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for
# example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth       optional   pam_faildelay.so  delay=3000000

-Rob