Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site rayssd.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!rayssd!dpw
From: dpw@rayssd.UUCP (Darryl P. Wagoner)
Newsgroups: net.crypt
Subject: Re: foiling password crackers
Message-ID: <1946@rayssd.UUCP>
Date: Sun, 9-Feb-86 17:03:10 EST
Article-I.D.: rayssd.1946
Posted: Sun Feb  9 17:03:10 1986
Date-Received: Tue, 11-Feb-86 06:37:45 EST
References: <100900001@haddock.UUCP>
Sender: dpw@rayssd.UUCP (Darryl P. Wagoner @ Raytheon Co., Portsmouth RI)
Organization: Raytheon Co., Portsmouth RI
Lines: 21

> 
> attempts.  A simple refinement which I've never heard mentioned would
> be to have the login program simply disable the ability to log in
> successfully after a number of attempts, without notifying the user.
> This would let the unsuspecting loser keep trying to log into your
> system while you had plenty of time to trace his phone line without
> your having to worry about his gaining entry to your system.
> 
I think a good hacker would get wise before to long.  Almost all login
programs have a limit.  I would worry about one that didn't.  This would
also mean that the SA would have to let the users know that this would
happen and by doing this would more than likely let the hacker know as
well.  We have put in a notice that someone has tried to login to your
account at login time with the number of unsuccessful attempts.  We 
also limit the number of tries to three.
-- 
	Darryl Wagoner
	Raytheon Co.; Portsmouth RI; (401)-847-8000 x4089
	...!decvax!brunix!rayssd!dpw
	...!allegra!rayssd!dpw
	...!linus!rayssd!dpw