03-09-13, 08:12 PM
(03-09-13, 07:46 PM)Farjo link Wrote: The danger is that someone who has stolen the database can then use brute force to obtain the user passwords, rather than attempt it on the live site which would swamp the log files.If someone stole the database and it was encrypted with Bcrypt then they could get a password in 12 years or so depending on configuration.
"[color=rgb(34, 34, 34)]So we’re talking about [/color][color=rgb(34, 34, 34)][/size]5 or so orders of magnitude[/color][color=rgb(34, 34, 34)][/size]. Instead of cracking a password every 40 seconds, I’d be cracking them every [/color][color=rgb(34, 34, 34)][/size]12 years[/color][color=rgb(34, 34, 34)][/size] or so"[/color]
Opinions are like A**holes, Everyone has one. Some people seem to have more than one though which is a bit odd.