User: Password:
|
|
Subscribe / Log in / New account

Enforcing password strength

Enforcing password strength

Posted Oct 14, 2011 19:49 UTC (Fri) by Cato (subscriber, #7643)
In reply to: Enforcing password strength by skvidal
Parent article: Enforcing password strength

That's true, but that depends on the version of glibc and whether the high level language such as Python makes it available, and of course the programmer must choose the $6$ format. PHP on some web hosts is still version 5.1 (still the standard version for RHEL 5.x), which means that phpass must use one of bcrypt, extended DES and MD5, depending on what's available.

It's best if everyone checks that the crypto library they are using makes use of key stretching - defending against FPGA attacks is particularly hard as they can be built to be very much faster than CPUs for only a few thousand USD.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds