Gnupg-users Digest, Vol 91, Issue 30
Mike Acker
Mike_Acker at charter.net
Tue Apr 19 21:17:36 CEST 2011
On 04/19/2011 14:35, gnupg-users-request at gnupg.org wrote:
> Maybe because, since this is the support list for GnuPG, we are all
> thinking more about how to protect an encrypted file than about how to
> protect a server account.
relevance?
what difference does it make if I am discussing a server logon or the
password for a .zip? 3 strikes, you're out would be good on the server
but for the .zip the delay after bad makes more sense
if i delay responding to a bad password for 1 second the speed of your
processor become irrelevant: you now need 1000 vm's to get to 1m
tries/sec. and there's no real reason i wouldn't make it 10 sec after
the 2d bad try, and then 30 min after the 3d -- like the Novell server
used to do
--
/MIKE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110419/2bb7ae03/attachment.pgp>
More information about the Gnupg-users
mailing list