lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <17010239602.20140322120409@gmail.com>
Date: Sat, 22 Mar 2014 12:04:09 +0100
From: Krisztián Pintér <pinterkr@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Transforming hash to different cost setting


Christian Forler (at Saturday, March 22, 2014, 11:17:34 AM):

> Companies will accept a transparency no-effort solution which improves
> the password hash security of their users. The will not delete old user
> data.

you keep mentioning deletion of user data. i restate that i was
talking about deleting password, not data. when the user comes back
after like a year of inactivity, he will simply be told that his
password was deleted for security reasons, and now he needs to go
through the usual forgotten password routine. users can also be
notified that in order to avoid this minor annoyance, they have to log
in at least every 6 months. that is not of anybody's concern. this
won't set your business back.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ