On Thu, 28 Jan 2010 17:53:30 -0500 Roger <[email protected]> wrote: > > > > The point of slowing down the algorithm is to protect against > > off-line attack where an attacker has gained access to a copy of > > master.passwd. > > When say "off-line attack" do you refer to the attacker running a > brute force attack on his/her machine?
Yes > I'm assuming that by using a slow algorithm the attacker is forced to > use the same slow algorithm to check the passwords? Hopefully > > Any hashing has to be done when the password is set, so it's fixed > > thereafter. > The thread is about password hashing, which is not a mechanism to slow-down and back-off login attempts. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
