> Wiki worthy, imo. Agreed. Thanks for the detailed response Les.
What I wondered about is how attackers most typically get access to the hashed passwords. If they gain access to the passwords (a la Atlassian's problem), how likely are they to have access to the salt? I see though that the hash iterations and salt help eliminate the Rainbow attack, which is a significant win. Thanks for bringing that to my attention. Peter -- Peter Ledbrook Grails Advocate SpringSource - A Division of VMware
