Re: Security theatre?



On Apr 26, 3:08 pm, Stewart Malik <mali0...@xxxxxxxxx> wrote:
>> This means that for locking somebody out on the same computer for
>> time T seconds, you need to spend there about sqrt(2*T) seconds.
>
> If I'm understanding correctly you're saying that to lock a user out
> for T seconds then you would need to sit at their computer for
> sqrt(2*T) seconds.

You do understand correctly what I wrote, but it was wrong.

> If this is the case then to lock a user out for 10
> mins you would only have to sit there for approx 35 seconds
> (sqrt(1200)).

I wrote it the wrong way. You need to spend 10 minutes for locking out
the user for 35 seconds. It goes this way: You enter a wrong password,
wait 1 second, enter it again, wait 2 seconds, again, wait 3
seconds, ..., again, wait 34 seconds. This sums up to 1+2+...+34 =
(1+34)*34/2 = 595 seconds.

> This isn't very long at all and not much of an
> improvement on the current system. I liked how you suggested that a
> system could clear the username after two failed attempts though.

I hope you now like the formula, too.
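
The delay scheme discussed in this message, simulated as an added example (not code from either poster). It assumes the delay grows by one second per consecutive failure and that wrong passwords are retried the instant each delay expires; `LinearBackoffThrottle`, `simulate` and `presence_needed` are hypothetical names.

```python
import math

class LinearBackoffThrottle:
    """After the n-th consecutive failure, refuse logins for n*step seconds."""

    def __init__(self, step=1):
        self.step = step
        self.failures = 0
        self.locked_until = 0

    def attempt(self, now, password_ok):
        if now < self.locked_until:
            return "throttled"          # still inside the current delay
        if password_ok:
            self.failures = 0           # success resets the counter
            return "ok"
        self.failures += 1
        self.locked_until = now + self.failures * self.step
        return "failed"

def simulate(presence, step=1):
    """Wrong passwords are entered for `presence` seconds, each one as soon
    as the throttle allows. Returns (failures, delay left for the next user)."""
    throttle = LinearBackoffThrottle(step)
    now = 0
    while now <= presence:
        throttle.attempt(now, password_ok=False)
        now = throttle.locked_until     # wait out the delay, then retry
    return throttle.failures, throttle.failures * step

def presence_needed(lockout, step=1):
    """Seconds that must be spent at the keyboard before a single failure
    imposes a delay of at least `lockout` seconds: 1+2+...+(n-1) steps."""
    n = math.ceil(lockout / step)
    return n * (n - 1) // 2 * step

if __name__ == "__main__":
    # About 10 minutes at the keyboard leaves a delay of about sqrt(2*T).
    print(simulate(600), round(math.sqrt(2 * 600), 1))
    # A 10-minute delay needs roughly T^2/2 seconds of presence.
    print(presence_needed(600), "seconds")
```
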