Russ Allbery rra at stanford.edu
Mon Sep 21 14:12:04 EDT 2009

Nicolas Williams <Nicolas.Williams at sun.com> writes:

> What's really desired here is a way to slow down password guessing
> attacks.  Account "lockout" is just what this technique evolved from.

This is partly out of context and I suspect the end solution will work for
this regardless, but to mention: I don't know about others who are looking
at this feature, but what Stanford would need is account lockout, even if
it's not effective at slowing down password guessing attacks.  That's
because the requirement is regulatory, not technical.  The security
standards with which we have to comply (specifically PCI) names account
lockout specifically, not just techniques to slow down password guessing.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list