Nelz's Blog

Mah blogginess

Links - Password Security

What You Need To Know About Secure Password Schemes: http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

This article really helped me to see what we should concentrate on when encrypting passwords: Time. Time, as a product of scale, is the only way you are going to be able to fight brute-force techniques.

If you are encrypting one password, making it cost an order of magnitude more will have a negligible effect on your end user’s experience. But for a brute-force attacker, that order of magnitude multiplied by the millions of combinations they have to attempt makes your database of encrypted passwords much less attractive for cracking.
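The scaling argument above, as an added example that is not from the original post or the linked article: PBKDF2 from Python's standard library stands in for any scheme with a tunable cost, and the record format, function names, iteration counts and guess count are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SCHEME = "pbkdf2_sha256"  # label chosen for this example's record format

def hash_password(password: str, iterations: int) -> str:
    """Return 'scheme$iterations$salt$hash'; the cost is stored with the hash."""
    salt = os.urandom(16)  # per-password salt: no shared precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare

def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when a stored record was made with a lower cost than today's target."""
    return int(record.split("$")[1]) < target_iterations

def seconds_per_hash(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for one hash at this cost."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample", b"0" * 16, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def offline_guessing_hours(per_hash_seconds: float, guesses: int, accounts: int = 1) -> float:
    """Single-core time to try `guesses` candidates against each salted record."""
    return per_hash_seconds * guesses * accounts / 3600

if __name__ == "__main__":
    guesses = 1_000_000  # constructed figure, standing in for "millions of combinations"
    for iterations in (10_000, 100_000):  # one order of magnitude apart
        t = seconds_per_hash(iterations)
        print(f"{iterations:>7} iterations: {t * 1000:6.1f} ms per login, "
              f"{offline_guessing_hours(t, guesses):8.2f} h for {guesses:,} guesses")
```

Because the iteration count travels with each record, `needs_rehash` lets the cost be raised later and old records upgraded at the user's next successful login.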