Re: PHK's MD5 might not be slow enough anymore
On Thu, 28 Jan 2010 17:53:30 -0500
Roger <rnodal@gmail.com> wrote:
> >
> > The point of slowing down the algorithm is to protect against
> > off-line attack where an attacker has gained access to a copy of
> > master.passwd.
>
> When say "off-line attack" do you refer to the attacker running a
> brute force attack on his/her machine?
Yes
> I'm assuming that by using a slow algorithm the attacker is forced to
> use the same slow algorithm to check the passwords?
Hopefully
> > Any hashing has to be done when the password is set, so it's fixed
> > thereafter.
>
The thread is about password hashing, which is not a mechanism to
slow-down and back-off login attempts.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 26 之 35 篇):