On Sat, Feb 28, 2015 at 4:12 PM, Daniel Kahn Gillmor <[email protected]> wrote: > On Sat 2015-02-28 20:46:12 +0100, Trevor Perrin wrote: >> If the attacker spread his bets he'd do better. For example, the >> milllion-dollar attacker could try a billion common phrases against a >> thousand accounts. Specialized hardware would be even more efficient. > > it's not just testing against a thousand accounts, it's testing against > *all* accounts, including future ones.
No, because the password hashes are salted: miniLock asks for your email address, Peerio uses the user ID. So work has to be repeated against different users. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
