[email protected] writes: > couldn't immediately see a way for a system to increment the iteration > count without having the user re-enter a password, since U_x seems
Jon Callas already hinted at the real solution. Don't be clever. When you change your policy, add code that updates the user's password hash upon next login. Understandable, testable, safe. -- http://noncombatant.org/ _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
