|
|
| Author |
Message |
| 25 new of 293 responses total. |
aruba
|
|
response 250 of 293:
| 
Mar 3 04:55 UTC 2002 |
(I think it's deliberately annoying, to discourage people from trying to
guess passwords by typing things over and over again.)
|
jmsaul
|
|
response 251 of 293:
|
Mar 3 06:32 UTC 2002 |
I doubt it does anything to discourage twits, but it annoys the piss out of
legitimate users who make typing mistakes.
I'd lose it, personally. If you guys are that worried about people
hacking passwords, install a version of passwd that doesn't permit weak
ones that people could guess by typing them in. You've already got the
limited number of attempts per telnet session, which does a lot more to
discourage password hacking than inserting a delay ever will.
But knowing you guys, to get it changed I'd have to make a proposal in
Coop, get told that my opinion doesn't count because I'm not a paying
member, and then touch off a massive flame war about how central the delay
is to Grex's culture, and how if it were removed than people who can't
type worth shit would log in here more often and bring the tone down,
because Grex only wants people who type what they mean the first time.
The delay is right up there with confiscating nail files and letting
ballpoint pens through checkpoints on the "moronic security measures that
sound cool until you think about them for a second" scale. In my personal
and professional opinion.
|
other
|
|
response 252 of 293:
|
Mar 3 07:31 UTC 2002 |
Joe, your opinion doesn't count when you're being this pissy.
(Couldn't resist...)
|
russ
|
|
response 253 of 293:
|
Mar 3 13:32 UTC 2002 |
It occurs to me that it would probably not be terribly difficult
to look for lots of logins from the same IP address, and just
set the router to block that IP address for a while. End of
problem.
|
keesan
|
|
response 254 of 293:
|
Mar 3 14:49 UTC 2002 |
I sometimes also type my password wrong since I cannot see on the screen what
I am typing. Jmsaul appears to be a less than perfect typist. Is there some
easy way to change things so we could see the password as we are typing?
|
remmers
|
|
response 255 of 293:
|
Mar 3 14:59 UTC 2002 |
You could do it for yourself by turning on local echo temporarily
in your terminal program. From a security point of view, it would
be a horrible idea to do it globally for everybody.
|
glenda
|
|
response 256 of 293:
|
Mar 3 15:13 UTC 2002 |
There is no way in hell that I want to be able to see a password as it is
typed in. Even when accessing from my own computer in my own home. That
defeats the purpose of a password. If passwords were seeable I would never,
ever login anywhere but home, and then when no one else was in the room.
|
aruba
|
|
response 257 of 293:
|
Mar 3 15:20 UTC 2002 |
Re #251: Someone needs a hug.
|
keesan
|
|
response 258 of 293:
|
Mar 3 15:26 UTC 2002 |
There is nobody in my apartment that I want to hide my password from, and ifI
did, they could watch what I was typing. In fact I often watch myself type
my password to make sure I get it right. I used to know how to turn Echo on
with Procomm (Alt-E) but probably other programs are different. Is there
something an individual user can do to make their password appear onscreen
every time without changing the echo?
|
other
|
|
response 259 of 293:
|
Mar 3 16:05 UTC 2002 |
Nope, and there never will be. Never with Grex, and never with anything
else into which you have to type a password, unless the author of the
software wrote in password functionality as a mere formality without
really caring about it.
|
gull
|
|
response 260 of 293:
|
Mar 3 17:13 UTC 2002 |
I second #259, though I do like the more recent convention in some
software of displaying asterisks as you type your password. Makes it
more obvious that you've actually hit the keys and the software is
actually listening.
|
jmsaul
|
|
response 261 of 293:
|
Mar 3 17:21 UTC 2002 |
Re #257: Do I get a wet, sloppy kiss, too?
Re #254: I never claimed to be a perfect typist. I'm a good one, but not
a perfect one. I don't need to see what I'm typing, though,
because I usually notice when I screw up. Making the password
visible for everyone when it's typed is a really bad idea.
Even worse than leaving the annoying-but-somehow-useless-for-
preventing-hacking delay in.
|
aruba
|
|
response 262 of 293:
|
Mar 3 17:38 UTC 2002 |
Re #261: Not from me, but perhaps some other Grexer will oblige you.
|
jmsaul
|
|
response 263 of 293:
|
Mar 3 17:47 UTC 2002 |
Tease.
|
davel
|
|
response 264 of 293:
|
Mar 3 21:06 UTC 2002 |
re 260: I often am glad for things that echo asterisks or something. However,
if I were logging in from a public place, I'd worry about it. Making it
easier for people to know for sure how many characters you're typing is not
all that good an idea.
|
gelinas
|
|
response 265 of 293:
|
Mar 3 21:36 UTC 2002 |
Lotus Notes put up a random number of heiroglyphs, rather than asterisks.
|
bilz
|
|
response 266 of 293:
|
Mar 3 22:12 UTC 2002 |
why is this so slow?
|
gelinas
|
|
response 267 of 293:
|
Mar 3 23:52 UTC 2002 |
What do you mean by "slow"? If picospan ("bbs"), then it's probably because
this is a long-running conversation.
|
mdw
|
|
response 268 of 293:
|
Mar 4 01:02 UTC 2002 |
The bad password delay has been a standard part of Unix login programs
for a long time. The retry shouldn't be obnoxious unless you've managed
to typo your password twice, in which case, it probably won't hurt for
you to slowdown and think about what you're doing.
The IETF folks want to put a built-in delay of >1second (via a
computationally expensive CPU loop) for encrypting K5 passwords via AES.
If you want to worry about something, why not worry about that?
|
gelinas
|
|
response 269 of 293:
|
Mar 4 01:22 UTC 2002 |
What is their excuse?
|
jmsaul
|
|
response 270 of 293:
|
Mar 4 02:24 UTC 2002 |
Re #268: It's obnoxious on one retyping. Try it. (I don't typo it
twice.)
|
mdw
|
|
response 271 of 293:
|
Mar 4 02:43 UTC 2002 |
Slow down brute force password cracking.
|
oval
|
|
response 272 of 293:
|
Mar 4 07:41 UTC 2002 |
:)
|
jhudson
|
|
response 273 of 293:
|
Mar 4 18:17 UTC 2002 |
The problem with ^H, ^U, etc. is buried in /usr/sbin/telnetd.
|
hash
|
|
response 274 of 293:
|
Mar 6 03:25 UTC 2002 |
finding a pattern in spam:
http://www.blackant.net/code/oth/random/nlp-spamfilter.php
|
