Why does a failed Linux login take so long?

26

2

Possible Duplicate:
Why would an incorrect password attempt take a lot longer to process than a correct one?

When you get the correct login credentials, you are logged in immediately. When you get your password wrong, there's a second delay before you're notified and able to try again.

Is this a prevention against cracking, or is there something else going on behind the scenes?

Dean

Posted 2012-06-24T17:40:33.257

Reputation: 2 452

Question was closed 2012-06-26T18:11:05.620

I've noticed a flaw on a couple of Linux systems which permitted me to log in as 'bin' without requiring a password! – Frank R. – 2012-06-24T20:05:30.693

@Frank - what distro? I find this very surprising. – stefgosselin – 2012-06-26T18:20:22.753

distro = distributions... yeah, for the longest time, there's been a security flaw, which very few people know, that allows a hacker to obtain the password for root! – Frank R. – 2012-06-26T20:10:12.053

Answers

45

It is a prevention against cracking. It is a forced delay, usually about 2 or 3 seconds, before a new login prompt is issued. This helps prevent automated attacks by making the iteration too long to be practical.

On Linux, it can be configured in the /etc/login.defs file.

# Delay in seconds before being allowed another attempt after a login failure.
FAIL_DELAY              3

Keith

Posted 2012-06-24T17:40:33.257

Reputation: 7 263

On my machine, that config file says that FAIL_DELAY is obsoleted by PAM and should be handled in the /etc/pam.d/login file (pam_faildelay.so) – matzahboy – 2012-06-25T01:03:12.387
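The two settings named in this answer and its comment can be checked together. The following is an added example, not part of the original thread and not code from any project: it reads login.defs and a PAM service file, works out the delay pam_faildelay would request, and converts it to a per-session ceiling on guesses. The sample file contents are constructed; the code relies on pam_faildelay's delay= argument being in microseconds and on the module falling back to FAIL_DELAY when delay= is absent.

```python
# Constructed sample file contents for the example (not from a real system).
SAMPLE_LOGIN_DEFS = """\
# Delay in seconds before being allowed another attempt after a login failure.
FAIL_DELAY              3
"""
SAMPLE_PAM_LOGIN = """\
auth       optional   pam_faildelay.so  delay=5000000
auth       required   pam_unix.so
"""

def _fields(line):
    """Split a config line into whitespace-separated fields, dropping comments."""
    return line.split("#", 1)[0].split()

def login_defs_fail_delay(text):
    """Return FAIL_DELAY (seconds) from login.defs text, or None if not set."""
    for line in text.splitlines():
        f = _fields(line)
        if len(f) >= 2 and f[0] == "FAIL_DELAY" and f[1].isdigit():
            return int(f[1])
    return None

def pam_faildelay_seconds(pam_text, login_defs_text):
    """Return the delay (seconds) pam_faildelay would request, or None.

    delay= is given in microseconds; without it the module falls back to
    FAIL_DELAY from login.defs.
    """
    fallback = login_defs_fail_delay(login_defs_text)
    for line in pam_text.splitlines():
        f = _fields(line)
        if len(f) < 3 or f[0].lstrip("-") != "auth":
            continue
        mods = [i for i, tok in enumerate(f) if tok.endswith("pam_faildelay.so")]
        if not mods:
            continue
        for arg in f[mods[0] + 1:]:
            if arg.startswith("delay=") and arg[6:].isdigit():
                return int(arg[6:]) / 1_000_000
        return fallback
    return None

def max_guesses_per_hour(delay_seconds):
    """Upper bound on sequential attempts per hour in one login session."""
    return int(3600 // delay_seconds)

if __name__ == "__main__":
    d = pam_faildelay_seconds(SAMPLE_PAM_LOGIN, SAMPLE_LOGIN_DEFS)
    print(f"effective fail delay: {d}s, at most {max_guesses_per_hour(d)} guesses/hour")
```

On a real host, pass the contents of /etc/login.defs and /etc/pam.d/login instead of the sample strings.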

16

The main reason is, like you said, to stop automated attacks. It just slows down a potential "bad guy" if he can only try ten passwords a minute instead of a hundred.

You'll also notice that the shell completely restarts after 3 or 4 failed attempts. I think this is to detach or kill any attached processes which could be malicious.

jackweirdy

Posted 2012-06-24T17:40:33.257

Reputation: 754

7

I guess it's a form of "Tarpitting" where the server delays incoming connections for as long as possible.

ScaryAardvark

Posted 2012-06-24T17:40:33.257

Reputation: 191