We've all done it.
Code:
sudo command
and then the wrong password. A timeout of approximately 3 seconds and then you are informed that you've typed the wrong password.
VERY annoying for us that want a strong password to have to retype it and have to wait this timeout so many times per day.
They say that it is a security measure: A brute force attack will take months if every password attempt lasts for 3 seconds.
But I find this wrong. A hacker would attempt passwords simultaneously through multiple instances of sudo so as to "guess" the right password. Nothing forbids you from having multiple instances of sudo asking for a password.
Let's say that you have 1000 instances of sudo, and each of them allows you one guess per 3 seconds, so we have a total of 3000 guesses in 9 seconds, rather than 3.
That's why I believe that this won't work on a real brute force attack.
What do you think?