Summary of password strength discussion

drago01 drago01 at
Mon Jul 27 19:22:28 UTC 2015

On Mon, Jul 27, 2015 at 8:43 PM, Lars Seipel <lars.seipel at> wrote:
> On Mon, Jul 27, 2015 at 11:19:41AM -0600, Chris Murphy wrote:
>> Why is password quality being targeted rather than the number of ssh
>> attempts being set to e.g. 3 per minute, by default? And does this
>> sufficiently mitigate the concern, and if not, why not?
> Restricting login attempts means that now even the most naïve kind of
> attack can lock me out of my machine. You know, the really stupid
> attacks that rain down on almost any internet host in gigantic numbers
> but are effectively countered by using anything but the most trivial of
> passwords.

Not if you apply the limit per IP (of the client).

More information about the desktop mailing list