Public bug reported:
Binary package hint: gdm
Ubuntu intrepid ibex 8.10 beta (updated)
$ apt-cache policy gdm login
gdm:
Installed: 2.20.8-0ubuntu3
Candidate: 2.20.8-0ubuntu3
Version table:
*** 2.20.8-0ubuntu3 0
500 http://archive.ubuntu.com intrepid/main Packages
100 /var/lib/dpkg/status
login:
Installed: 1:4.1.1-1ubuntu1
Candidate: 1:4.1.1-1ubuntu1
Version table:
*** 1:4.1.1-1ubuntu1 0
500 http://archive.ubuntu.com intrepid/main Packages
100 /var/lib/dpkg/status
As it is, the gdm (and login) wait a standard amount of several (5?) seconds
after each bad login.
My suggestion is to set an increasing wait of (n*2) seconds after each bad
login. For example:
- Login attempt #1: wait 2 seconds
- Login attempt #2: wait 4 seconds
- Login attempt #3: wait 6 seconds
- Login attempt #4: wait 8 seconds
- Login attempt #5: wait 10 seconds
This could be considered to increase security for brute force attacks and limit
the attempts until the users logs in and notices the bad attempts performed.
Meanwhile, you could consider printing a message "Please wait..." or
"Authenticating..." until the waiting period is over.
Note: this wishlist was formed from
http://ubuntuforums.org/showthread.php?p=5997493
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
--
[wishlist] login and gdm - should increase the waiting time with every bad
login with a message
https://bugs.launchpad.net/bugs/287523
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm in ubuntu.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
