CVSROOT: /cvs Module name: src Changes by: dtuc...@cvs.openbsd.org 2018/04/12 21:57:26
Modified files:
usr.bin/ssh : auth2.c servconf.h sshd.c
Log message:
Defend against user enumeration timing attacks.
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok
markus@ djm@.
