[cryptography] Current state of brute-forcing random keys?
nico at cryptonector.com
Thu Jun 9 21:17:26 EDT 2011
On Thu, Jun 9, 2011 at 7:34 PM, Solar Designer <solar at openwall.com> wrote:
> On Thu, Jun 09, 2011 at 05:22:59PM -0500, Nico Williams wrote:
>> And for remote password-based authentication we'll want to start using
> This doesn't prevent offline password guessing attacks after a
> (temporary) server compromise.
> I think there's still a need for better password hashing on servers.
Indeed, we still need KDFs in augmented ZKPPs.
More information about the cryptography