https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #3 from Happy-melon <[email protected]> 2011-04-05 11:18:32 UTC --- This came up in August last year on wikitech-l: http://www.gossamer-threads.com/lists/wiki/wikitech/206248 It fairly quickly descended into apocalyptic scenarios of totalitarian governments trying to crack checkusers' passwords using quantum computers (:D) but before that Tim proposed a new hash format using the [[whirlpool algorithm]]. Basically take an existing B-format password (or generate new passwords in the same format), but then go through a multi-stage loop of expanding it 100 times with str_repeat, wirlpooling it, and taking a small substring, and repeating an arbitrary number of times. Since the whirlpool stage is cyclic, you can 'upgrade' your password strength at any time using a script to add more iterations; you don't need the plaintext to be able to start in the middle of the process. Tim's implementation had a binary logarithm iteration counter; he found that 2^7 iterations was about right for (then) current hardware. This overall seems like a realistic and effective solution. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
