[Mailman-Users] mailman passwords
Mark Sapiro
mark at msapiro.net
Sat May 9 23:16:59 CEST 2009
bob 001 wrote:
>
>Do we have any setting where we can set maximum retries for wrong
>password before it locks the account or something like that?

No

>isn't it otherwise easily breakable via bots by trying different
>passwords to the same web url.

It depends on the strength of the password. Consider a password
consisting of 10 randomly chosen upper/lower case letters and digits.
There are over 8 * 10^17 such passwords. On average random guessing
requires 4 * 10^17 guesses. Even if the round trip web response time
is 1 msec, and it's probably much longer than that, it takes 4 * 10^14
seconds or over 12 million years to try that many guesses. And, if
someone is hitting your server that hard, you'd probably notice.

And what's the payoff for cracking a list password? Maybe the ability
to send one large blast of spam before the list is shut down.

>How'z experts here controlling this piece of security?

By using strong passwords.

--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan