Gnupg-users Digest, Vol 91, Issue 30

Mike Acker Mike_Acker at
Tue Apr 19 21:17:36 CEST 2011

On 04/19/2011 14:35, gnupg-users-request at wrote:
>  Maybe because, since this is the support list for GnuPG, we are all
> thinking more about how to protect an encrypted file than about how to
> protect a server account.

what difference does it make if I am discussing a server logon or the
password for a .zip?  3 strikes, you're out would be good on the server
but for the .zip the delay after bad makes more sense

if i delay responding to a bad password for 1 second the speed of your
processor become irrelevant: you now need 1000 vm's to get to 1m
tries/sec. and there's no real reason i wouldn't make it 10 sec after
the 2d bad try, and then 30 min after the 3d -- like the Novell server
used to do


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110419/2bb7ae03/attachment.pgp>

More information about the Gnupg-users mailing list