Re: sefety of passwords for web-service applications

On 11/24/2012 10:15 AM, Rafal Pietrak wrote:
> Some improvement in passwords safety could be gained, if the database
> table access methods (e.g. SELECT...) provided means to limit that
> access to just one entry at a time, and return results only when
> (password) column hash was equal for a single entry. e.g. information is
> not leaking when password dont' match.


But what about situations where the attackers gained access to the
database itself or faulty discs that got replaced? Isn't just having a
strong hash a better solution? And by strong I mean a bcrypt based or
similar approach that requires significant time to calculate a single hash.




--


.oO V Oo.


Work Hard,
Increase Production,
Prevent Accidents,
and
Be Happy!  ;)