> What are the solutions? To be honest, I?m not sure. A combination of > TPM, biometrics, passwords and maybe something else entirely new will > be needed. But it?s clear that a complex password that users will > actually accept for day-to-day authentication, and keep secret, might > be history.
Or perhaps don't let the attacker try 10 million passwords per second? Really, if someone can ask "is THIS the right password?" as fast as he want to, you've already lost, and that's been true for a long time. Not exactly new news, although it's fun to have the hard numbers for an OTC GPU... DC
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
