+ # do not return any info to prevent user enumeration attacks
+ # always try to delay exactly 3 seconds to prevent timing attacks
+ my $elapsed;
+ while (($elapsed = tv_interval($starttime)) < 3) {
+ usleep(int((3 - $elapsed)*1000000));
+ }
+ die "authentication failure\n";