This is Chip McCormick's TypePad Profile.
Join TypePad and start following Chip McCormick's activity
Already a member?
Update has been hidden from all public facing feeds in TypePad
It seems like focussing on the speed of cracking a password misses a more important point: in real work systems we can control the number or speed of logins. The way that's typically implemented is to only allow N wrong logins and then logging the user out. A better alternative in my opinion is simply to double the time between logins, making brute force attacks much slower. Of course, that creates the possibility of a DOS attack to prevent a particular user from logging in (presuming you know the userid). There probably are good application-specific solutions there (e.g. registering the account to a specific IP or IP block, with a registration process if static IPs can't be guaranteed) and nothing beats having a good sys admin with proper network monitoring tools.
Commented Apr 6, 2012 on
Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2128 unique items, or 340 trillion trillion trillion. In reality the...
Chip McCormick is now following
The Typepad Team
Apr 6, 2012
Subscribe to Chip McCormick’s Recent Activity
View all »
Around The Web
All Rights Reserved.
Terms of Service