Uncertainty for brute forcers during login
pam_schroedinger protects PAM accounts against dictionary and brute-force
attacks by returning PAM_SUCCESS only if there was no previous login or login
attempt within a certain timeframe. In a common scenario, users do not
authenticate more than once per second; anything faster looks like a
brute-force attack. This protects PAM accounts from dictionary attacks much
better than the sleep-based delay hardcoded into the authentication mechanism,
as used today in su or sudo, for example. The attacker sees no delay in the
attack, but cannot tell which login token succeeds, even after trying the
right one. This adds uncertainty to the login process: attackers can never be
sure whether the cat is dead or alive. This is the opposite of
pam_timestamp.
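The behaviour described above, modelled as a small stand-alone C program. This is an added example, not pam_schroedinger's source code. The 1000 ms window, the rule that every attempt resets the clock, all function names and the sample credentials are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define WINDOW_MS 1000L   /* assumed quiet period; not a value taken from the module */

struct gate { long last_ms; bool seen; };

/* Accept only if the credential is right AND no attempt for this account
 * landed inside the window. Every attempt, right or wrong, resets the clock. */
static bool gate_check(struct gate *g, long now_ms, bool credential_ok)
{
    bool quiet = !g->seen || (now_ms - g->last_ms) >= WINDOW_MS;
    g->last_ms = now_ms;
    g->seen = true;
    return credential_ok && quiet;
}

/* Replay n attempts spaced step_ms apart; return how many were accepted. */
static int replay(const char *secret, const char *const *tries, int n, long step_ms)
{
    struct gate g = { 0, false };
    int accepted = 0;
    for (int i = 0; i < n; i++)
        if (gate_check(&g, i * step_ms, strcmp(tries[i], secret) == 0))
            accepted++;
    return accepted;
}

/* Constructed sample data: the third guess is the real credential. */
static const char *const GUESSES[] = { "123456", "letmein", "s3cret", "qwerty" };
/* Constructed sample data: a legitimate user mistypes once, then gets it right. */
static const char *const TYPO[] = { "s3crte", "s3cret" };

/* Rapid run, 10 ms apart: the right guess is answered like the wrong ones. */
int burst_accepts(void)         { return replay("s3cret", GUESSES, 4, 10); }
/* Operational side effect: retrying 300 ms after a typo is also refused. */
int hasty_retry_accepts(void)   { return replay("s3cret", TYPO, 2, 300); }
/* Waiting out the window (2 s) before retrying lets the login through. */
int patient_retry_accepts(void) { return replay("s3cret", TYPO, 2, 2000); }

int main(void)
{
    printf("burst=%d hasty_retry=%d patient_retry=%d\n",
           burst_accepts(), hasty_retry_accepts(), patient_retry_accepts());
    return 0;
}
```

The hasty-retry case is the trade-off to plan for: a user who retypes a password immediately after a typo is refused until the window has passed.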
Checkout Package
osc -A https://api.opensuse.org checkout security/pam_schroedinger && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
pam_schroedinger-0.2s.tar.gz | 6.47 KB (6629 bytes) | |
pam_schroedinger.changes | 137 Bytes | |
pam_schroedinger.spec | 2.92 KB (2986 bytes) | |
pam_schroedinger.tmpfiles.d | 117 Bytes | |
Latest Revision
- forgot the tmpfiles.d file