On Mar 31, 2008, at 4:47 AM, Ivan Krstić wrote:
Tahoe doesn't run this service either. I can't use it to make guesses
at any of the values you mentioned. I can use it to make guesses at
whole documents incorporating such values, which is in most cases a
highly non-trivial distinction.
The way
On Mar 30, 2008, at 9:37 PM, zooko wrote:
You can store your True Name, credit card number, bank
account number, mother's maiden name, and so forth, on the same
server as your password, but you don't have to worry about using
salts or key strengthening on those latter secrets, because the
server
zooko wrote:
Think of it like this:
Passwords are susceptible to brute-force and/or dictionary attack.
We can't, in general, prevent attackers from trying guesses at our
passwords without also preventing users from using them, so instead
we employ various techniques:
* salts (to break
[This conversation is spanning three mailing lists --
cryptography@metzdowd.com, [EMAIL PROTECTED], and tahoe-
[EMAIL PROTECTED] . Some of the posts have not reached all three of
those lists. I've manually added Jerry Leichter and Ivan Krstić to
the approved-senders set for p2p-hackers and
