Path: utzoo!censor!geac!jtsv16!uunet!lll-winken!brutus.cs.uiuc.edu!gem.mps.ohio-state.edu!tut.cis.ohio-state.edu!ucbvax!UMRVMA.UMR.EDU!S090726
From: S090726@UMRVMA.UMR.EDU ("Bob B. Funchess")
Newsgroups: comp.sys.sgi
Subject: Long login delay
Message-ID: <8911140002.aa23726@SMOKE.BRL.MIL>
Date: 14 Nov 89 04:57:08 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 15

"Why does it take the system so long to realize that the login is incorrect?"

I haven't OFFICIALLY been told this, but I've been assuming that's not a bug,
it's a feature:  hacker programs designed to try to guess passwords can only
retry once every 5 seconds or so, since the delay is about that long.  We
actually hope this ISN'T fixed.  It seems a more reasonable method than the
"3-try limit" that some mainframes use, since waiting 20 or 30 seconds to get
your password right after 5 tries is better than waiting 5 minutes for the
system to let you try again after messing up 3 times.

It doesn't seem that the "problem" is related to the size of the passwd file,
since it recognizes a correct login instantaneously on a human timescale.


                             < Bob  S090726@UMRVMA.UMR.EDU  Funchess >