Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:redwil:15.4
pam_schroedinger
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Meta Configuration of Package pam_schroedinger
<package name="pam_schroedinger" project="security"> <title>Uncertainty for brute forcers during login</title> <description>pam_schroedinger prevents from dicitionary/brute-force attacks against PAM accounts by only returning PAM_SUCCESS if there was no previous login or attempt within a certain timeframe. In a common scenario, users do not authenticate more than once in a second. Everything else looks like a brute force. pam_schroedinger prevents PAM accounts from dictionary attacks much better than a sleep-based delay hardcoded in the authentication mechanism, as used today in su or sudo for example. The attacker will see no delay in his attack, but he will not see which login token succeeds, even if he tried the right one. So there is a certain uncertainty added to the login process so attackers can never be sure the cat is dead or alive. This is the opposite of pam_timestamp. </description> <build> <disable repository="SLE_11_SP3"/> </build> <url>https://github.com/stealth/pam_schroedinger</url> </package>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
