Forgot your password?
typodupeerror

Comment: Re:Dictionnary attack doesn't show any weakness (Score 1) 217

by markatto (#34243946) Attached to: Cracking Passwords With Amazon EC2 GPU Instances
Not necessarily. There are many use cases where there is no disadvantage to a fast hashing algorithm. For example, secure hashes are commonly used to guarantee that data has not been modified. (I believe that PHP uses a hash for this purpose, as it is much faster than running rsa on the entire message.) What this REALLY tells us is something that we have known for a long time: fast hash functions are suboptimal for password "storage"/verification. We need to use something slower for dealing with passwords, such as bcrypt, which can be made arbitrarily expensive.

Practical people would be more practical if they would take a little more time for dreaming. -- J. P. McEvoy

Working...