Subject: Re: security/10206 - proposed solution (concept)
To: Nino Dehne <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 08/19/2005 11:32:31

Nino Dehne wrote:
> How about the ability to specify a regex that the password must match?

This would take even another step towards making brute-force a whole lot
easier with JtR, for example.

My own way would be to simply enforce the length and use some
brute-force detection to prevent the attacks. If an admin doesn't look at
the logs, it doesn't matter if you have 2 or 2000 failed login
PGP Key ID: 0x666EB914