>>>>> "Tim" == Tim Hutt <tdh...@gmail.com> writes:
Tim> By default, on Debian and derivatives, `sudo` has a ~2 second
Tim> delay for incorrect password attempts. This serves no security
Tim> purpose whatsoever and merely annoys the user.
It's not obvious to me that it serves no security purpose.
Why can't sudo be used as a channel for password guessing?
Consider a case where ssh authentication does not permit passwords, but
where a password is required for sudo.
I'm unlikely to decide this is worth the complexity to fix (I think your
analysis of the possible options is roughly correct) even if there is no
security benefit. I'm definitely not interested in fixing if there is a
security benefit.
