gdm Create User
Alan Cox
alan at redhat.com
Sun Oct 7 16:28:33 UTC 2007
On Sun, Oct 07, 2007 at 05:33:45PM +0200, Lubomir Kundrak wrote:
> So what about trying to hide the machine name? This is plain nonsense.
If its a key to something why not ?
> Time that was spent avoiding timing `attacks' was wasted. The _password_
> is meant to be a key that is to be hidden, not the account name. If
> anything, dictionary attacks can be done against the username-password
> pair also.
And the amount of work required grows enormously. I'd refer you to the
cisco VPN flaws which clearly demonstrated there are situations where
hiding the user name is enormously beneficial and made the cracking time
much much longer.
Alan
More information about the fedora-devel-list
mailing list