Nelz's Blog

Mah blogginess

Links - Password Security

What You Need To Know About Secure Password Schemes:

This article really helped me to see what we should concentrate on when encrypting passwords: Time. Time, as a product of scale, is the only way you are going to be able to fight brute-force techniques.

If you are encrypting one password, making it cost an order of magnitude more will have a negligible effect on your end user's experience. But for a brute-force attacker, that order of magnitude, multiplied by the millions of combinations they have to attempt, makes your database of encrypted passwords much less attractive to crack.
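The trade-off described above, as an added example that is not from this post or the linked article: a salted PBKDF2-HMAC-SHA256 scheme whose work factor is stored with each hash, plus a timing helper that shows what one order of magnitude costs per login versus across millions of guesses. The choice of PBKDF2, the record format, the iteration counts and the 10 million guess figure are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed record format (not from the post): pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int) -> str:
    """Derive a salted hash; the work factor travels with the record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt and iteration count."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when a record predates the current work factor (upgrade at next login)."""
    return int(record.split("$")[1]) < target_iterations


def seconds_per_hash(iterations: int, samples: int = 3) -> float:
    """Measure one derivation on this machine (best of `samples` runs)."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample", b"0" * 16, iterations)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    guesses = 10_000_000  # constructed figure for "millions of combinations"
    for iterations in (10_000, 100_000):  # one order of magnitude apart
        cost = seconds_per_hash(iterations)
        print(f"{iterations:>7} iterations: {cost * 1000:6.1f} ms per login, "
              f"{cost * guesses / 86_400:6.2f} days for {guesses:,} guesses")
```

Because the iteration count is stored in each record, the work factor can be raised later and old records upgraded the next time the user logs in successfully.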