On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
> > It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> > of up to 8 chars in length.
>
> That would be a reason to limit the number of failed connection attempts
> from a single source, then, rather than a reason to change the hash
> function.
That doesn't solve the problem of an administrator brute-forcing your password.
Regards,Jeff Davis