FESCO request to revert password confirmation change in F22

Dan Winship danw at redhat.com
Mon Mar 9 14:27:37 UTC 2015


On 03/06/2015 06:55 PM, Michael Catanzaro wrote:
> Well... yes, I suppose if you've left your computer on and locked, and
> the attacker wants to make sure you do not notice the reboot, or wants
> to get a RAM dump that would be lost when shut down (e.g. for my
> gnome-keyring passwords), then there is some benefit, but to a quite
> limited extent IMO: the attacker is still limited by the speed at which
> PAM and gdm allow you to try logging in. Every guess takes something
> like three seconds. So I think a weak password suffices.

*cough*
https://bugzilla.gnome.org/show_bug.cgi?id=731616
*cough*


