Garrett D'Amore writes:
> On Mon, 2 Sep 1996 14:10:10 -0400 (EDT) John Gardiner Myers wrote:
>
> > "(Paul Blackburn)" <[EMAIL PROTECTED]> writes:
> > > NB: AFS passwords from your kaserver(s) are never presented by "ypcat".
> >
> > However, they are no less vulnerable to externally mounted dictionary
> > attacks.
>
> Such an attack requires great patience, because the cost of repetitively
> connecting, sending the password, waiting for the response, etc. can be
> great (in terms of wall clock time, not CPU time). In fact, a fairly
> trivial way to defeat this sort of dictionary attack is to make it very
> costly by sleeping a few seconds before sending the error notification.
> After 5 failures or so, one could refuse all login attempts on a given account

Not sure I follow. You can easily request a single ticket granting
ticket and bang on it to your heart's content until it is broken.
roland
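
The throttling described in the quoted message (a delay before the error reply, refusal after about 5 failures), sketched as an added example that is not part of the original thread or of AFS. The delay and lockout durations and all names are assumptions. It counts only attempts submitted to the server, so the ticket-granting-ticket case raised in the reply never passes through it.

```python
import time


class LoginThrottle:
    """Server-side limiter: delay each failure reply, refuse after max_failures."""

    def __init__(self, max_failures=5, delay_seconds=3.0, lockout_seconds=900.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.max_failures = max_failures        # "5 failures or so" from the thread
        self.delay_seconds = delay_seconds      # assumed value for "a few seconds"
        self.lockout_seconds = lockout_seconds  # assumed; the thread gives no duration
        self.clock, self.sleep = clock, sleep
        self._state = {}                        # account -> (failures, locked_until)

    def attempt(self, account, verify):
        """verify is a zero-argument callable; it is not called while locked."""
        now = self.clock()
        failures, locked_until = self._state.get(account, (0, 0.0))
        if now < locked_until:
            return "locked"                     # refused without checking anything
        if locked_until:                        # lockout has expired, start over
            failures = 0
        if verify():
            self._state.pop(account, None)      # success clears the failure count
            return "ok"
        failures += 1
        locked_until = now + self.lockout_seconds if failures >= self.max_failures else 0.0
        self._state[account] = (failures, locked_until)
        self.sleep(self.delay_seconds)          # hold back the error notification
        return "denied"


def run_constructed_guesses(guesses, real_password="correct-horse"):
    """Feed constructed guesses through the throttle on a simulated clock."""
    t = [0.0]                                   # simulated seconds, no real sleeping
    throttle = LoginThrottle(clock=lambda: t[0],
                             sleep=lambda s: t.__setitem__(0, t[0] + s))
    checked, results = [], []
    for g in guesses:
        def verify(g=g):
            checked.append(g)                   # record guesses actually compared
            return g == real_password
        results.append(throttle.attempt("alice", verify))
    return results, len(checked), t[0]


if __name__ == "__main__":
    print(run_constructed_guesses(["guess%d" % i for i in range(8)]))
```

A lockout of this kind also lets anyone who can submit bad passwords lock a legitimate user out, which is why the duration is kept finite here.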