Forgot your password?
typodupeerror

Comment: Re:Dictionnary attack doesn't show any weakness (Score 1) 217

by markatto (#34243946) Attached to: Cracking Passwords With Amazon EC2 GPU Instances
Not necessarily. There are many use cases where there is no disadvantage to a fast hashing algorithm. For example, secure hashes are commonly used to guarantee that data has not been modified. (I believe that PHP uses a hash for this purpose, as it is much faster than running rsa on the entire message.) What this REALLY tells us is something that we have known for a long time: fast hash functions are suboptimal for password "storage"/verification. We need to use something slower for dealing with passwords, such as bcrypt, which can be made arbitrarily expensive.

Faith may be defined briefly as an illogical belief in the occurence of the improbable. - H. L. Mencken

Working...