[pLog-svn] New Security Features in Joomla
Reto Hugi
plog at hugi.to
Mon Jul 30 09:49:22 EDT 2007
Hi Matt
Thanks for the feedback.
On 07/30/2007 03:30 PM, Matt Wood wrote:
> The salt ensures that you have to brute force every single password
> individually (increasing the amount of computation required to find them
> all) because you have to include the salts. So if you have 20 users, you
> have to spend about 20 times more time computing hashes.
True. I was too much focused on cracking one single password.
> It isn't much more secure. In fact I'd say this does nothing, if an
> attacker can retrieve the hashes, it is also likely he doesn't need them
> (bypass/change).
I totally agree. So it's definitely nothing we should consider for lt.
cheers,
reto
More information about the pLog-svn
mailing list