On 12/20/11 14:19, Dimitry Sibiryakov wrote: > 20.12.2011 11:16, Dmitry Yemanov wrote: >> The new auth protocol will not truncate the longer password >> but the legacy one will, AFAIU. > In this case there is no security breath: if a malefactor has got > truncated password by > bruteforcing legacy hash, it is useless.
Yes, that's better than nothing. But please agree that if one knows first 8 chars it's much simpler to guess/bruteforce/etc. the rest. ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
