[TYPO3-dev] Password handling (Regarding youngest security issues)
Xavier Perseguers
typo3 at perseguers.ch
Fri Nov 14 18:16:58 CET 2008
Sebastian Gebhard wrote:
> Marcus Krause wrote:
>> Therefore, we will use salts which then are stored together with the
>> password hash.
>> Salts will be different for every user record.
>
> Hi Marcus,
>
> imho that makes my proposal obsolete since I consider yours as much better.
>
> The advantage is not only that users may be migrated more easily, an
> attacker would also have to create a rainbow table for every single user
> to find out the passwords.
> I think in most cases this won't be worth it for an attacker because they
> have no guarantee that the password they might retrieve after a lot of
> work will be useful for them.
Did someone read what I wrote about the superchallenge authentication?
--
Xavier Perseguers
http://xavier.perseguers.ch/en
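
The per-user salt scheme quoted above (salt stored together with the hash, different for every user record), as an added example that is not part of the original thread and not TYPO3 code. The `salt$hash` record layout, PBKDF2-SHA256, the iteration count and all function names are assumptions for illustration; the passwords and table are constructed sample data.

```python
from __future__ import annotations
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def unsalted(password: str) -> str:
    """Legacy-style record: the same password always yields the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'salt_hex$hash_hex'; a fresh random salt is drawn per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the salt kept in the record, compare in constant time."""
    salt_hex, _, _ = stored.partition("$")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


def table_hits(table: dict[str, str], records: dict[str, str]) -> list[str]:
    """Users whose stored hash appears in one precomputed hash -> password table."""
    return sorted(u for u, rec in records.items() if rec.rpartition("$")[2] in table)


# Constructed sample data: two users who happen to share a password.
PASSWORDS = {"alice": "joh316", "bob": "joh316"}
TABLE = {unsalted(w): w for w in ("password", "joh316", "letmein")}

if __name__ == "__main__":
    legacy = {u: unsalted(p) for u, p in PASSWORDS.items()}
    salted = {u: hash_password(p) for u, p in PASSWORDS.items()}
    print("unsalted records found in one table:", table_hits(TABLE, legacy))
    print("salted records found in the same table:", table_hits(TABLE, salted))
    print("identical salted records:", salted["alice"] == salted["bob"])
```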