[Cryptography] encrypting bcrypt hashes

Mark Steward marksteward at gmail.com
Tue Mar 14 07:07:20 EDT 2017


Something needs to be able to read that file, so there's not much
difference to a peppered hash, and rate limiting at the data layer is much
less useful for security than at the application layer.

You also still need to salt or pepper, as permuting doesn't hide
frequencies.


Mark


On 14 Mar 2017 04:24, "Tom Mitchell" <mitch at niftyegg.com> wrote:

On Mon, Mar 13, 2017 at 1:58 AM, Robin Wood <robin at digininja.org> wrote:
>
....
>>
>> Again the security depends on the difficulty of exfiltrating such a large
>> data set, not on a short key that is relatively easy to steal.
>

Also a single file would be opened by a very short list of processes.
Access control lists apply.  Even advisory access control can be used to
trigger alerts.

Also the number of active "open" states can also be watched.

So the OS services also come to play.


--
  T o m    M i t c h e l l