Why should checking a wrong password take longer than checking the right one?

This question has always troubled me.

On Linux, when asked for a password, if your input is the correct one, it checks right away, with almost no delay. But, on the other hand, if you type the wrong password, it takes longer to check. Why is that?

I observed this in all Linux distributions I've ever tried.


It's actually to prevent brute force attacks from trying millions of passwords per second. The idea is to limit how fast passwords can be checked and there are a number of rules that should be followed.

  • A successful user/password pair should succeed immediately.
  • There should be no discernible difference in reasons for failure that can be detected.

That last one is particularly important. It means no helpful messages like:

Your user name is correct but your password is wrong, please try again

or:

Sorry, password wasn't long enough

Not even a time difference in response between the "invalid user and password" and "valid user but invalid password" failure reasons.

Every failure should deliver exactly the same information, textual and otherwise.

Some systems take it even further, increasing the delay with each failure, or only allowing three failures then having a massive delay before allowing a retry.
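As an added example (not part of the answer above, and not the code of any real login program), here is a small Python password checker that follows those rules: a failure does the same hashing work whether the user does not exist or the password is wrong, the comparison is constant-time, every failure returns the same message, and the failure path sleeps for a delay that doubles on each consecutive failure for that user, while a correct password returns at once. The user names, passwords, hashing parameters and delay schedule are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, Tuple

# Constructed example: nothing here comes from a real system.
ITERATIONS = 50_000  # PBKDF2 work factor, an assumed value


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest of the password (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user_db(creds: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Build a username -> (salt, digest) table from plaintext test credentials."""
    db: Dict[str, Tuple[bytes, bytes]] = {}
    for user, password in creds.items():
        salt = os.urandom(16)
        db[user] = (salt, hash_password(password, salt))
    return db


# Dummy record used when the user name does not exist, so the "no such user"
# path does exactly the same hashing work as the "wrong password" path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = hash_password("placeholder-not-a-real-password", _DUMMY_SALT)

FAILURE_MESSAGE = "Login incorrect"  # the only text any failure ever produces


class Authenticator:
    def __init__(self, db: Dict[str, Tuple[bytes, bytes]], base_delay: float = 2.0,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self.db = db
        self.base_delay = base_delay  # seconds; doubled on each consecutive failure
        self.sleep = sleep            # injectable so tests do not actually wait
        self.failures: Dict[str, int] = {}  # consecutive failures per user name

    def login(self, user: str, password: str) -> Tuple[bool, str]:
        exists = user in self.db
        salt, digest = self.db[user] if exists else (_DUMMY_SALT, _DUMMY_DIGEST)
        # Always hash and always compare in constant time, whatever the failure reason.
        match = hmac.compare_digest(hash_password(password, salt), digest)
        if match and exists:  # a chance match against the dummy record must not log in
            self.failures.pop(user, None)
            return True, "ok"  # success returns immediately, no delay
        attempt = self.failures.get(user, 0) + 1
        self.failures[user] = attempt
        self.sleep(self.base_delay * 2 ** (attempt - 1))  # 2 s, 4 s, 8 s, ...
        return False, FAILURE_MESSAGE  # identical for unknown user and wrong password


if __name__ == "__main__":
    db = make_user_db({"alice": "correct horse battery staple"})
    # Skip the real wait here so the printed times show only the check itself.
    auth = Authenticator(db, sleep=lambda seconds: None)
    attempts = [("alice", "correct horse battery staple"), ("alice", "wrong"), ("nobody", "wrong")]
    for user, pw in attempts:
        start = time.perf_counter()
        ok, msg = auth.login(user, pw)
        print(f"{user:>8} -> {ok!s:5} {msg!r:20} {time.perf_counter() - start:.4f}s")
```

Running it shows the "alice"/"wrong" and "nobody"/"wrong" attempts taking about the same time and producing the same text, which is the property the second rule asks for. A production system would cap the doubling delay, and would count failures per client address as well as per user, since an attacker sweeping many user names with one password each never trips a per-user counter.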


This makes it take longer to guess passwords.


I am not sure, but it is quite common to integrate a delay after entering a wrong password to make attacks harder. This makes an attack practically infeasible, because it will take you a long time to check only a few passwords.

Even trying a few passwords - birthdates, the name of the cat, and things like that - is turned into no fun.


Basically to mitigate against brute force and dictionary attacks.

From The Linux-PAM Application Developer's Guide:

Planning for delays

extern int pam_fail_delay(pam_handle_t *pamh, unsigned int micro_sec);

This function is offered by Linux-PAM to facilitate time delays following a failed call to pam_authenticate() and before control is returned to the application. When using this function the application programmer should check if it is available with,

#ifdef PAM_FAIL_DELAY
    ....
#endif /* PAM_FAIL_DELAY */

Generally, an application requests that a user is authenticated by Linux-PAM through a call to pam_authenticate() or pam_chauthtok(). These functions call each of the stacked authentication modules listed in the relevant Linux-PAM configuration file. As directed by this file, one or more of the modules may fail causing the pam_...() call to return an error. It is desirable for there to also be a pause before the application continues. The principal reason for such a delay is security: a delay acts to discourage brute force dictionary attacks primarily, but also helps hinder timed (covert channel) attacks.
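On a Linux system you normally reach this mechanism through configuration rather than by calling pam_fail_delay() in your own program. The excerpt below is a constructed example added here, not taken from the PAM guide or from any distribution's actual /etc/pam.d files; the 3-second value is an assumption. pam_unix.so itself requests a delay of about two seconds on failure unless given the nodelay option, pam_faildelay.so lets you choose the length explicitly (the delay= value is in microseconds; without it the module reads FAIL_DELAY from /etc/login.defs), and Linux-PAM applies the longest delay any module requested, randomized around that value.

```text
# /etc/pam.d/login (constructed excerpt, not a real system's file)
# Request a 3-second pause after any failed authentication.
auth    optional    pam_faildelay.so  delay=3000000
# Let pam_faildelay own the delay instead of pam_unix's built-in one.
auth    required    pam_unix.so       nodelay
```

Because the delay is applied by the library after the whole stack has run, it is the same whether the user name was unknown or the password was wrong, and it happens even if an application never calls pam_fail_delay() itself; an application that wants to handle the wait differently has to register a PAM_FAIL_DELAY handler rather than simply skipping it.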


It's a very simple, virtually effortless way to greatly increase security. Consider:

  1. System A has no delay. An attacker has a program that creates username/password combinations. At a rate of thousands of attempts per minute, it takes only a few hours to try every combination and record all successful logins.

  2. System B generates a 5-second delay after each incorrect guess. The attacker's efficiency has been reduced to 12 attempts per minute, effectively crippling the brute-force attack. Instead of hours, it can take months to find a valid login. If hackers were that patient, they'd go legit. :-)