> So why not simply add the following logic to server mode: > > A) fetch config option "add-random-sleep" (integer, default=0) > B) if ((A)>0) AND user is nobody, sleep for random 1..(A) ms. (This attack > would seem to be useless for anyone but the nobody user. If you're logged in, > you've got your password, and anonymous gets a random password).
Point 2 on that linked article :-) Random numbers have some distribution, most commonly, uniform. Given enough measurements, you can get rid of randomness. -- Dmitry Chestnykh _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users