> > Jooq could implement this to help those who need to interoperate with > existing legacy code and data that uses PASSWORD. >
That was what I was thinking - at least that way the passwords don't end up clear text in every profiling tool around :) > Everybody else should be deterred from using that though, probably via a > (link to a) warning that PASSWORD offers almost no security, roughly > equivalent to a smallish speed bump, And that as of 2013, the > recommendation is to employ PBDKF2 with an SHA-2 hash instead - warnings > that don't tell people what to do instead aren't very helpful :-) > My pet like is currently scrypt as it burns memory space as well as CPU cycles, so brute force attacks using graphics cards are no where near as fast. * * -- You received this message because you are subscribed to the Google Groups "jOOQ User Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
