[Cryptography] Why don't we protect passwords properly?
Ralf Senderek
crypto at senderek.ie
Mon Dec 23 02:56:01 EST 2013
On Sun, 22 Dec 2013, Peter Gutmann wrote:
> It's pretty simple really. Everyone knows that passwords are no good, so
> there's no point in trying to use/apply/implement them properly.
And if someone dared to replace fast hashes with bcrypt or better, the
the uninformed user would wait for his password check a whooping second
instead of nanoseconds and will certainly think the site has a technical
problem and run to the competition.
--ralf
More information about the cryptography
mailing list