zooko wrote:
> Think of it like this:
> Passwords are susceptible to brute-force and/or dictionary attack.
> We can't, in general, prevent attackers from trying guesses at our
> passwords without also preventing users from using them, so instead
> we employ various techniques:
> * salts (to break up the space of targets into subspaces, of which
>   at most one can be targeted by a given brute-force attack)
> * key strengthening (to increase by a constant factor the cost of
>   checking a password)
> * rate-limits for on-line tries (i.e., you get only a small fixed
>   number of wrong guesses in a row before you are locked out for a
>   time-out period)
You forgot:
* stronger passwords
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List