Re: Security theatre?
- From: Maaartin <grajcar1@xxxxxxxxx>
- Date: Mon, 26 Apr 2010 06:15:50 -0700 (PDT)
On Apr 26, 3:08 pm, Stewart Malik <mali0...@xxxxxxxxx> wrote:
This means, that for locking somebody out on the same computer for
time T seconds, you need to spend there about sqrt(2*T) seconds.
If I'm understanding correctly you're saying that to lock a user out
for T seconds then you would need to sit at their computer for
You do understand correctly what wrote, but it was wrong.
If this is the case then to lock a user out for 10
mins you would only have to sit there for approx 35 seconds
I wrote it the wrong way. You need to spend 10 minutes for locking out
the user for 35 seconds. It goes this way: You enter a wrong password,
wait 1 second, enter it again, wait 2 seconds, again, wait 3
seconds, ..., again, wait 34 seconds. This sums up to 1+2+...+34 =
(1+34)*34/2 = 595 seconds.
This isn't very long at all and not much of an
improvement on the current system. I liked how you suggested that a
system could clear the username after two failed attempts though.
I hope, now you like the formula, too.