Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?

To: debian-user@lists.debian.org
Subject: Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
From: Merciadri Luca <Luca.Merciadri@student.ulg.ac.be>
Date: Sat, 26 Jun 2010 19:37:37 +0200
Message-id: <[🔎] 87vd95elum.fsf@merciadriluca-station.MERCIADRILUCA>
References: <[🔎] 4C1FDB29.5000300@student.ulg.ac.be> <[🔎] 20100621174721.6d022ca4.celejar@gmail.com> <[🔎] 4C1FE2A5.9010402@cox.net> <[🔎] 20100623213257.GA13324@aurora.owens.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rob Owens <rowens@ptd.net> writes:

> On Mon, Jun 21, 2010 at 05:07:33PM -0500, Ron Johnson wrote:
>> On 06/21/2010 04:47 PM, Celejar wrote:
>>> On Mon, 21 Jun 2010 23:35:37 +0200
>>> Merciadri Luca<Luca.Merciadri@student.ulg.ac.be>  wrote:
>>>
>>>> Hi,
>>>>
>>>> I use GNOME.
>>>>
>>>> I have noticed that if I type some erroneous password to leave the
>>>> screensaver mode, GNOME takes ~3 or 4 secs. to tell me that it is
>>>> erroneous. If I type the correct password, I am directly sent in my
>>>> session. Why does it take so much time to tell me that a password is
>>>> erroneous? I can even know if I made a typo by looking at how much time
>>>> it takes!
>>>
>>> Same thing with xscreensaver.  I think that a lot of software that asks
>>> for a password behaves like this, perhaps to prevent brute-forcing?
>>> I'm not sure if brute-forcing is possible on a GUI, though.
>>>
>>
>> Since I notice the same issue when logging in from the console, could it 
>> be a problem with libpam?
>>
> /etc/pam.d/login contains this on my system:
>
> # Enforce a minimal delay in case of failure (in microseconds).
> # (Replaces the `FAIL_DELAY' setting from login.defs)
> # Note that other modules may require another minimal delay. (for
> # example,
> # to disable any delay, you should add the nodelay option to pam_unix)
> auth       optional   pam_faildelay.so  delay=3000000
Thanks for mentioning this.

- -- 
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
- -- 

The whole dignity of man lies in the power of thought. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAkwmOuEACgkQM0LLzLt8MhwS7QCeMbeR0SW3LzNczvEw5Pltjz+I
5IwAoIjQrWQHw9j4whMUgVjzwnOmXh3g
=X2nu
-----END PGP SIGNATURE-----

Reply to:

References:
- Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
  - From: Merciadri Luca <Luca.Merciadri@student.ulg.ac.be>
- Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
  - From: Celejar <celejar@gmail.com>
- Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
  - From: Rob Owens <rowens@ptd.net>

Prev by Date: Re: Understanding my recurrent network connectivity problems
Next by Date: Re: Understanding my recurrent network connectivity problems
Previous by thread: Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
Next by thread: Re: Why does GNOME take so much time to tell that a screensaver-introduced password is erroneous?
Index(es):
- Date
- Thread