Re: Password policy.

To: peter@easthope.ca
Cc: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Dan Ritter <dsr@randomstring.org>
Date: Tue, 13 Nov 2018 15:03:06 -0500
Message-id: <[🔎] 20181113200306.uhyfex7gmx6asvfy@randomstring.org>
In-reply-to: <[🔎] E1gMeXE-00020j-Iz@dalton.invalid>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid> <[🔎] 201811131249.17535.gheskett@shentel.net> <[🔎] E1gMeXE-00020j-Iz@dalton.invalid>

peter@easthope.ca wrote: 
> *	From: Gene Heskett <gheskett@shentel.net>
> *	Date: Tue, 13 Nov 2018 12:49:17 -0500
> > "John the ripper" can find a 6 char word in a couple seconds on a slow 
> > machine.
> 
> We refer to two completely different processes or I completely miss 
> the point. After an incorrect password is submitted, the 
> authentication process waits a few seconds before allowing another 
> try.  Therefore if "John the ripper" is to success in two seconds, the 
> correct pw must be submitted on the first try.  That might happen once 
> in an astronomical number of different authentications but not 
> frequently.  ... Unless magic is involved.  (?)

No magic. The login process has delays built in to it. John The
Ripper does its own comparison against the value of the hash
stored in /etc/shadow, not actually invoking login.

-dsr-

Reply to:

References:
- Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Password policy.
  - From: peter@easthope.ca

Prev by Date: Re: Password policy.
Next by Date: Re: Password policy.
Previous by thread: Re: Password policy.
Next by thread: Re (2): Password policy.
Index(es):
- Date
- Thread