On Thu, 28 Jan 2010 16:24:43 -0500 Roger <[email protected]> wrote: > What would be the consequence of having an algorithm that will > increase the amount of time needed to check the next password after a > failure.
The point of slowing down the algorithm is to protect against off-line attack where an attacker has gained access to a copy of master.passwd. Any hashing has to be done when the password is set, so it's fixed thereafter. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
