This is Chip McCormick's Typepad Profile.
Join Typepad and start following Chip McCormick's activity
Join Now!
Already a member? Sign In
Chip McCormick
Recent Activity
It seems like focussing on the speed of cracking a password misses a more important point: in real work systems we can control the number or speed of logins. The way that's typically implemented is to only allow N wrong logins and then logging the user out. A better alternative in my opinion is simply to double the time between logins, making brute force attacks much slower. Of course, that creates the possibility of a DOS attack to prevent a particular user from logging in (presuming you know the userid). There probably are good application-specific solutions there (e.g. registering the account to a specific IP or IP block, with a registration process if static IPs can't be guaranteed) and nothing beats having a good sys admin with proper network monitoring tools.
Toggle Commented Apr 6, 2012 on Speed Hashing at Coding Horror
Chip McCormick is now following The Typepad Team
Apr 6, 2012