> > The point of slowing down the algorithm is to protect against off-line attack where an attacker has gained access to a copy of master.passwd.

When you say "off-line attack", do you refer to the attacker running a brute force attack on his/her machine? I'm assuming that by using a slow algorithm the attacker is forced to use the same slow algorithm to check the passwords?

> Any hashing has to be done when the password is set, so it's fixed thereafter.

What do you mean by that?

Thank you very much for taking the time to answer.

-r

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
