I’m kinda dumb on these things - but in trying to secure a system, I’m wondering about how passwords are attacked. If I type a bad password to my Admin account, it always seems to wait 5 seconds before responding. I assume this is a built-in response to a brute force attack? (that is, to make it take way too long to make too many tries) Does software like TrueCrypt do this?
This type of thing works with client/server interactions. TrueCrypt is
drive/data encryption which is not the same. If somebody has physical
access to your drive they may get this delay between prompts, but that
only matters if they do NOT control the TrueCrypt code (which they could
replace with their own) to try to brute-force.
Anyway, just use a strong passphrase on any encryption and be sure the
media do not get lost. When it comes to client/server things hopefully
your server is smart enough to do things like blocking repeat failures
(the SSH service has options for this, for example).
There is a package called fail2ban which is designed to ‘ban’ IP addresses after too many failed authentication attempts; basically, install it and turn it on.
To turn it on, enable its service in YaST > System > System Services (Runlevel).
You can also use a public/private key pair for SSH authentication instead of passwords. Here’s a short rundown on the basics of key authentication: SSH Public Key Based Authentication – Howto. Look at ‘man ssh’ for more detailed info.
On 07/22/2011 07:36 PM, PattiMichelle wrote:
>
> I’m kinda dumb on these things - but in trying to secure a system, I’m
> wondering about how passwords are attacked. If I type a bad password to
> my Admin account, it always seems to wait 5 seconds before responding.
> I assume this is a built-in response to a brute force attack? (that is,
> to make it take way too long to make too many tries) Does software like
> TrueCrypt do this?
>
> Thanks!
> Patti
>
>
This is set up in /etc/login.defs: FAIL_DELAY (or through YaST -> Local Security -> Login Settings: Delay after Incorrect Login Attempt) and LOGIN_RETRIES.