
Uncertainty for brute forcers during login

pam_schroedinger protects PAM accounts against dictionary/brute-force attacks
by only returning PAM_SUCCESS if there was no previous login or login
attempt within a certain timeframe. In a common scenario, users do not
authenticate more than once in a second; everything else looks like a brute-force
attempt. pam_schroedinger protects PAM accounts against dictionary attacks much
better than a sleep-based delay hardcoded in the authentication mechanism, as
used today in su or sudo, for example. The attacker sees no delay in the
attack, but cannot tell which login token succeeds, even after trying the
right one. This adds a certain uncertainty to the login process, so
attackers can never be sure whether the cat is dead or alive. This is the opposite of
pam_timestamp.
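
The gating rule described above, as an added C model that is not pam_schroedinger's own source. The one-second window, the gate structure, the function names and the sample guesses are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model only; not pam_schroedinger's source code. */
#define WINDOW_SECS 1                /* assumed quiet period, in seconds */
enum { AUTH_OK = 0, AUTH_FAIL = 1 }; /* stand-ins for PAM_SUCCESS / PAM_AUTH_ERR */

struct gate { long last_attempt; int seen; };

/* AUTH_OK only if no attempt was recorded within WINDOW_SECS before `now`.
 * Every call, passing or not, is recorded as the latest attempt. */
int gate_check(struct gate *g, long now) {
    int quiet = !g->seen || (now - g->last_attempt) > WINDOW_SECS;
    g->last_attempt = now;
    g->seen = 1;
    return quiet ? AUTH_OK : AUTH_FAIL;
}

/* Both the gate and the password check must pass. The caller only sees the
 * combined result, so a correct guess inside the window looks like a wrong one. */
int login(struct gate *g, const char *secret, const char *guess, long now) {
    int gate = gate_check(g, now);
    int pw = strcmp(secret, guess) == 0 ? AUTH_OK : AUTH_FAIL;
    return (gate == AUTH_OK && pw == AUTH_OK) ? AUTH_OK : AUTH_FAIL;
}

/* Feed n guesses spaced `interval` seconds apart; return how many succeed. */
int run_guesses(struct gate *g, const char *secret, const char **guesses,
                int n, long start, long interval) {
    int ok = 0;
    for (int i = 0; i < n; i++)
        if (login(g, secret, guesses[i], start + i * interval) == AUTH_OK)
            ok++;
    return ok;
}

int main(void) {
    const char *guesses[] = { "123456", "hunter2", "letmein" }; /* constructed sample */
    struct gate burst = { 0, 0 }, single = { 0, 0 };
    printf("burst successes: %d\n",
           run_guesses(&burst, "hunter2", guesses, 3, 1000, 0));
    printf("single login: %s\n",
           login(&single, "hunter2", "hunter2", 2000) == AUTH_OK ? "ok" : "fail");
    return 0;
}
```

In the burst, the correct password is the second guess, yet it is rejected like the others and without any added delay, while an isolated login with the same password succeeds.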

Source Files

Filename                       Size       Changed
pam_schroedinger-0.2s.tar.gz   6.47 KB    over 3 years ago
pam_schroedinger.changes       137 Bytes  over 3 years ago
pam_schroedinger.spec          2.92 KB    over 3 years ago
pam_schroedinger.tmpfiles.d    117 Bytes  over 3 years ago

Comments for home:X0F:HSF (0)