Finding Passwords

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Fri Sep 28 15:58:22 AEST 1990


In article <BZS.90Sep28014217 at world.std.com> bzs at world.std.com (Barry Shein) writes:
> One simple and non-intrusive defense against most such attacks would
> be if, on successful login, the system would just tell you how many
> unsuccessful login attempts there have been on your account.

That only defends against login spoofs. (I actually prefer somewhat more
information: the current login session number, recent weird activity,
and last couple of logins in a readable format like ``two hours ago.'')
It does absolutely nothing for the sort of Trojan Horse that we're
discussing.

---Dan



More information about the Comp.unix.internals mailing list