Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rob Owens <rowens@ptd.net> writes:
> On Mon, Jun 21, 2010 at 05:07:33PM -0500, Ron Johnson wrote:
>> On 06/21/2010 04:47 PM, Celejar wrote:
>>> On Mon, 21 Jun 2010 23:35:37 +0200
>>> Merciadri Luca<Luca.Merciadri@student.ulg.ac.be> wrote:
>>>
>>>> Hi,
>>>>
>>>> I use GNOME.
>>>>
>>>> I have noticed that if I type some erroneous password to leave the
>>>> screensaver mode, GNOME takes ~3 or 4 secs. to tell me that it is
>>>> erroneous. If I type the correct password, I am directly sent in my
>>>> session. Why does it take so much time to tell me that a password is
>>>> erroneous? I can even know if I made a typo by looking at how much time
>>>> it takes!
>>>
>>> Same thing with xscreensaver. I think that a lot of software that asks
>>> for a password behaves like this, perhaps to prevent brute-forcing?
>>> I'm not sure if brute-forcing is possible on a GUI, though.
>>>
>>
>> Since I notice the same issue when logging in from the console, could it
>> be a problem with libpam?
>>
> /etc/pam.d/login contains this on my system:
>
> # Enforce a minimal delay in case of failure (in microseconds).
> # (Replaces the `FAIL_DELAY' setting from login.defs)
> # Note that other modules may require another minimal delay. (for
> # example,
> # to disable any delay, you should add the nodelay option to pam_unix)
> auth optional pam_faildelay.so delay=3000000
Thanks for mentioning this.
- --
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
- --
The whole dignity of man lies in the power of thought.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iEYEARECAAYFAkwmOuEACgkQM0LLzLt8MhwS7QCeMbeR0SW3LzNczvEw5Pltjz+I
5IwAoIjQrWQHw9j4whMUgVjzwnOmXh3g
=X2nu
-----END PGP SIGNATURE-----
Reply to: