lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sat, Jan 25, 2014 at 1:42 AM, William Ahern
<william@25thandclement.com> wrote:

[...]

>
> Who in their right mind would allow their website authentication system to
> spend 5 seconds (an eternity!) hogging a CPU? Especially when you could
> instead mandate passwords just three or four characters longer for the same
> benefit and without crippling your throughput?
>
> Anything over a millisecond is already too long for real websites. At that
> point, the differential between scrypt and braindead SHA256+salt is so low
> in real terms that you've hardly inconvenienced an attacker doing a
> dictionary attack on user passwords. On a database he _already_ stole, mind
> you, which should be your real concern!
>
>

BTW, this is all assuming server-side KDF...

Even if clients are able to aquire privileges by brute forcing
hash-space directly, and that's cheaper, you still have the benefit of
securing the original key in case users reuse it on other sites.