gdm Create User

Lubomir Kundrak lkundrak at redhat.com
Sun Oct 7 16:41:25 UTC 2007


On Sun, 2007-10-07 at 12:30 -0400, Alan Cox wrote:
> On Sun, Oct 07, 2007 at 11:43:53AM -0400, Steve Grubb wrote:
> > Yes that is true. But not having a valid account name doubles the complexity 
> > and requires you to work even longer.
> 
> More than doubles. You've now got to guess two items from the dictionary as
> a matching pair. Thats like trying to throw double one rather than a single
> one on dice (only these dice are multi-million sided)

Right. And now add guessing of the machine's address to the complexity
of bruteforcing the login information.

Would the system, where an user would have to know ten passwords and
five usernames be more secure than one, where account is protected just
with the password? If yes, why don't we do that now?

-- 
Lubomir Kundrak (Red Hat Security Response Team)




More information about the fedora-devel-list mailing list