CVSROOT:        /cvs
Module name:    src
Changes by: 2018/04/12 21:57:26

Modified files:
        usr.bin/ssh    : auth2.c servconf.h sshd.c 

Log message:
Defend against user enumeration timing attacks.
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms).  Based on work by joona.kannisto at, ok
markus@ djm@.

Reply via email to