Hacker News
by desdiv 3383 days ago
Without a limit on password length, an attacker can DOS you by forcing you to run your KDF on gigabyte-sized strings.
2 comments
paulddraper 3383 days ago
Gigabyte sized strings?
Oh, no. That doesn't make sense. You need to limit by Gigagrapheme strings.
geocar 3383 days ago
They're only denying service to themselves if you run the KDF locally.