Re: PHK's MD5 might not be slow enough anymore
>
> The point of slowing down the algorithm is to protect against off-line
> attack where an attacker has gained access to a copy of master.passwd.
When say "off-line attack" do you refer to the attacker running a
brute force attack on his/her machine?
I'm assuming that by using a slow algorithm the attacker is forced to
use the same slow algorithm to check the passwords?
> Any hashing has to be done when the password is set, so it's fixed
> thereafter.
What do you mean by that?
Thank you very much for taking the time to answer.
-r
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 22 之 35 篇):