Subject: Re: security/10206 - proposed solution (concept)
To: None <elad@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: netbsd-bugs
Date: 08/19/2005 08:42:01
The following reply was made to PR bin/10206; it has been noted by GNATS.

From: Elad Efrat <elad@NetBSD.org>
To: Nino Dehne <ndehne@gmail.com>
Cc: Alan Barrett <apb@cequrux.com>, gnats-bugs@NetBSD.org,
	tech-security@netbsd.org
Subject: Re: security/10206 - proposed solution (concept)
Date: Fri, 19 Aug 2005 11:32:31 +0300

 Nino Dehne wrote:
 
 > How about the ability to specify a regex that the password must match?
 
 This would take even another step towards making brute-force a whole lot
 easier with JtR, for example.
 
 My own way would be to simply enforce the length and use some
 brute-force detection to prevent the attacks. If an admin doesn't look at
 the logs, it doesn't matter if you have 2 or 2000 failed login
 attempts...
 
 -e.
 
 -- 
 Elad Efrat
 PGP Key ID: 0x666EB914