[148614] in cryptography@c2.net mail archive
Re: [Cryptography] Why don't we protect passwords properly?
daemon@ATHENA.MIT.EDU (Ralf Senderek)
Mon Dec 23 10:27:41 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 08:56:01 +0100 (CET)
From: Ralf Senderek <crypto@senderek.ie>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
In-Reply-To: <20131223075047.A64EA23484@laptop.kerry-linux.ie>
Cc: Cryptography <cryptography@metzdowd.com>
Reply-To: Ralf Senderek <crypto@senderek.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sun, 22 Dec 2013, Peter Gutmann wrote:
> It's pretty simple really. Everyone knows that passwords are no good, so
> there's no point in trying to use/apply/implement them properly.
And if someone dared to replace fast hashes with bcrypt or better, the
the uninformed user would wait for his password check a whooping second
instead of nanoseconds and will certainly think the site has a technical
problem and run to the competition.
--ralf
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
