Summary of password strength discussion
drago01
drago01 at gmail.com
Mon Jul 27 19:22:28 UTC 2015
On Mon, Jul 27, 2015 at 8:43 PM, Lars Seipel <lars.seipel at gmail.com> wrote:
> On Mon, Jul 27, 2015 at 11:19:41AM -0600, Chris Murphy wrote:
>> Why is password quality being targeted rather than the number of ssh
>> attempts being set to e.g. 3 per minute, by default? And does this
>> sufficiently mitigate the concern, and if not, why not?
>
> Restricting login attempts means that now even the most naïve kind of
> attack can lock me out of my machine. You know, the really stupid
> attacks that rain down on almost any internet host in gigantic numbers
> but are effectively countered by using anything but the most trivial of
> passwords.
Not if you apply the limit per IP (of the client).
More information about the desktop
mailing list