commit | e9d910b0289c820852f7afa67f584cef1c05fe95 | [log] [tgz] |
---|---|---|
author | dtucker@openbsd.org <dtucker@openbsd.org> | Fri Apr 13 03:57:26 2018 +0000 |
committer | Darren Tucker <dtucker@dtucker.net> | Fri Apr 13 15:26:11 2018 +1000 |
tree | 207f618329c9df13a2278c71c95b1dc66450bb86 | |
parent | d97874cbd909eb706886cd0cdd418f812c119ef9 [diff] |
upstream: Defend against user enumeration timing attacks. This establishes a minimum time for each failed authentication attempt (5ms) and adds a per-user constant derived from a host secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok markus@ djm@. OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca