by Xk 5463 days ago
That's not the attack you worry about: instead, consider the case where someone somehow obtains the database and can do an offline attack on it. Be it a SQL injection or account compromise (or sheer negligence and publishing the database), once that happens you'd better handle passwords reasonably well.

If the only attack situation you're worried about is an online guessing attack, then there's no need to even hash passwords.

1 comments

Sounds to be the case, thanks for the tips.
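
Added example, not part of the thread: a sketch of what handling passwords reasonably well can look like if the stored table is ever exposed, contrasting a single unsalted SHA-256 with a salted, iterated hash. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions of this example; the comment above does not name an algorithm.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def fast_unsalted(password: str) -> str:
    """Weak storage: one SHA-256 call, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average time one password guess costs whoever holds the stored table."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess-{i}")
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    users = {"alice": "correct horse", "bob": "correct horse"}
    weak = {u: fast_unsalted(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    print("unsalted records identical:", weak["alice"] == weak["bob"])
    print("salted records identical:  ", strong["alice"] == strong["bob"])
    print("verify ok:", verify_password("correct horse", strong["alice"]))
    fast = seconds_per_guess(fast_unsalted, 10_000)
    slow = seconds_per_guess(hash_password, 3)
    print(f"cost per guess: {fast:.2e}s unsalted vs {slow:.2e}s PBKDF2")
```

Online guessing is limited by the login endpoint, so the per-guess cost shown here only matters once the table itself is out, which is the case the comment is about.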