On Mon, Jun 02, 2014 at 06:41:45PM +0200, FRIGN wrote: > […] > If your password is strong, having the hashes won't help any attacker. > […]
I think that's the whole point. Hashing the password before writing it to disk does not hurt much. In case an attacker got access to a box he does not know what password the users chose. Maybe that's a low value, but it's a value, … for a relatively low price. What here provides a false feeling of security? Kind regards, -Alex
