Re: Security theatre?



On Apr 26, 3:08 pm, Stewart Malik <mali0...@xxxxxxxxx> wrote:
> > This means, that for locking somebody out on the same computer for
> > time T seconds, you need to spend there about sqrt(2*T) seconds.
>
> If I'm understanding correctly you're saying that to lock a user out
> for T seconds then you would need to sit at their computer for
> sqrt(2*T) seconds.

You do understand correctly what I wrote, but it was wrong.

> If this is the case then to lock a user out for 10
> mins you would only have to sit there for approx 35 seconds
> (sqrt(1200)).

I wrote it the wrong way. You need to spend 10 minutes for locking out
the user for 35 seconds. It goes this way: You enter a wrong password,
wait 1 second, enter it again, wait 2 seconds, again, wait 3
seconds, ..., again, wait 34 seconds. This sums up to 1+2+...+34 =
(1+34)*34/2 = 595 seconds.

> This isn't very long at all and not much of an
> improvement on the current system. I liked how you suggested that a
> system could clear the username after two failed attempts though.

I hope, now you like the formula, too.
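The arithmetic in the message above, as an added simulation that is not part of the original post. It assumes the n-th consecutive failure on a terminal imposes an n-second wait, that attempts made during a wait are refused without being counted, and that typing time is zero; the class and function names are hypothetical.

```python
import math


class LinearBackoffThrottle:
    """Per-terminal throttle: the n-th consecutive failure imposes an n-second wait.
    Assumed policy, reconstructed from the message; not a real library's API."""

    def __init__(self):
        self.failures = 0
        self.locked_until = 0.0

    def try_login(self, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for an attempt made at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"              # refused; does not count as another failure
        if password_ok:
            self.failures = 0            # a successful login resets the delay
            return "ok"
        self.failures += 1
        self.locked_until = now + self.failures
        return "failed"

    def remaining(self, now):
        """Seconds a legitimate user would still have to wait at time `now`."""
        return max(0.0, self.locked_until - now)


def time_to_impose(lockout_seconds):
    """Enter wrong passwords back to back until the wait left behind reaches
    lockout_seconds. Returns (seconds spent at the terminal, failures entered)."""
    throttle = LinearBackoffThrottle()
    now = 0.0
    while True:
        throttle.try_login(now, password_ok=False)
        if throttle.remaining(now) >= lockout_seconds:
            return now, throttle.failures
        now = throttle.locked_until      # sit out the imposed wait, then try again


def lockout_bought(seconds_spent):
    """Closed form of the same relation: spending S seconds buys about sqrt(2*S)."""
    return math.sqrt(2 * seconds_spent)


if __name__ == "__main__":
    for target in (10, 35, 60, 600):
        spent, failures = time_to_impose(target)
        print(f"{target:4d} s lockout costs {spent:8.0f} s ({failures} failures)")
```

Under these assumptions a 35-second lockout costs 595 seconds at the keyboard, and a 10-minute lockout costs about 50 hours.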