This repository has been archived by the owner on Sep 23, 2021. It is now read-only.
Just a simple suggestion! (Poweroff at 3rd password mistake) #106
Comments
|
Interesting idea. What would prevent an attacker from simply booting the computer back up and continuing trying to log in, though? Also, it seems like this opens the door to inadvertently losing work in progress if, say, it takes you a couple of tries to realize you left the proverbial caps lock on. |
|
The benefit in this case is that the previous session wouldn't be loaded in RAM, though any bad actor would perform that kind of attack vector before trying to type a password anyway but I like the idea to have some kind of action after several failed attempts as an extra security layer. |
|
How would an attacker get access to session data loaded in RAM? Is that mitigated by disabling magic sysrq keys? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Would be possible to implement some kind of "hard secure mode", so that at the 3rd time (as an example) of password insertion mistake, physlock, automatically shutdown the computer! Just an idea. :)
The text was updated successfully, but these errors were encountered: