Message 24702

Author
ced
Date
2016-03-09.18:38:57
Message id
24702

Content

For the record, the exponential delay was introduced in r 80ae70886386 based on those articles which suggest our implementation:
https://www.schneier.com/blog/archives/2009/01/bad_password_se.html
https://blog.codinghorror.com/dictionary-attacks-101/
Also in the comments of Schneier's post, there is proposed exactly the patch file2334 which is defeated with the same argument than the one we gave: https://www.schneier.com/blog/archives/2009/01/bad_password_se.html#c341185
History
Date User Action Args
2016-03-09 18:38:58cedsetmessageid: <1457545138.64.0.704476908483.issue5369@tryton.org>
2016-03-09 18:38:58cedsetrecipients: + meanmicio
2016-03-09 18:38:58cedlinkissue5369 messages
2016-03-09 18:38:57cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)