On 11/24/2012 10:15 AM, Rafal Pietrak wrote:
> Some improvement in password safety could be gained, if the database
> table access methods (e.g. SELECT...) provided means to limit that
> access to just one entry at a time, and return results only when
> (password) column hash was equal for a single entry. e.g. information is
> not leaking when password don't match.
But what about situations where the attackers gained access to the
database itself or faulty discs that got replaced? Isn't just having a
strong hash a better solution? And by strong I mean a bcrypt-based or
similar approach that requires significant time to calculate a single hash.
--
.oO V Oo.
Work Hard,
Increase Production,
Prevent Accidents,
and
Be Happy! ;)
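
The two ideas in this exchange, a check that touches one row and returns only match / no match, and a deliberately slow salted hash so that a copied table or discarded disk is expensive to crack, can be combined. The sketch below is an added example, not code from either poster; it assumes an in-memory SQLite table named `accounts`, uses standard-library PBKDF2-HMAC-SHA256 as a stand-in for bcrypt, and the function names and `ITERATIONS` value are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; tune so one hash takes noticeable time


def slow_hash(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for bcrypt here (standard library only).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (login TEXT PRIMARY KEY, salt BLOB, "
               "iterations INTEGER, pwhash BLOB)")
    return db


def set_password(db: sqlite3.Connection, login: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    db.execute("INSERT OR REPLACE INTO accounts VALUES (?, ?, ?, ?)",
               (login, salt, ITERATIONS, slow_hash(password, salt, ITERATIONS)))


def check_password(db: sqlite3.Connection, login: str, password: str) -> bool:
    """Read exactly one row and return only match / no match, never the hash."""
    row = db.execute("SELECT salt, iterations, pwhash FROM accounts "
                     "WHERE login = ?", (login,)).fetchone()
    if row is None:
        # Unknown login: still do the slow work so timing does not reveal it.
        slow_hash(password, b"\x00" * 16, ITERATIONS)
        return False
    salt, iterations, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)


if __name__ == "__main__":
    db = open_store()
    set_password(db, "alice", "correct horse")  # constructed sample accounts
    set_password(db, "bob", "correct horse")
    print(check_password(db, "alice", "correct horse"))
    print(check_password(db, "alice", "wrong"))
```

Storing the iteration count per row lets the work factor be raised later without invalidating existing entries.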