by mafuy 1637 days ago
> that the server side hash is still at least independently expensive enough

That is useless if a hash of the passphrase is sent by the client. The input space is evenly distributed over all hash values, so a dictionary attack is no better than sending all possible hashes directly (brute force).

A single round of server side hash suffices here.
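
The split described in the comment above, as an added example that is not part of the original comment: the client does the expensive stretching and the server stores a single SHA-256 of what it receives. The choice of scrypt, its cost parameters, the per-user salt handed to the client, and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed cost settings; the comment names no KDF or parameters.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
HASH_LEN = 32


def client_stretch(passphrase: str, salt: bytes) -> bytes:
    """Client side: the expensive step. The output is a 32-byte value spread
    evenly over the hash space, so guessing it directly is brute force."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_LEN)


def server_digest(client_hash: bytes) -> bytes:
    """Server side: one cheap round, so the stored value differs from
    the value the client sends over the wire."""
    return hashlib.sha256(client_hash).digest()


def register(passphrase: str) -> dict:
    """Builds the record the server stores: the salt and the one-round verifier."""
    salt = os.urandom(16)  # per-user salt, sent to the client at login
    return {"salt": salt,
            "verifier": server_digest(client_stretch(passphrase, salt))}


def verify(record: dict, client_hash: bytes) -> bool:
    """Checks a login attempt; the server never runs the slow KDF itself."""
    if len(client_hash) != HASH_LEN:
        return False
    return hmac.compare_digest(server_digest(client_hash), record["verifier"])


if __name__ == "__main__":
    rec = register("correct horse battery staple")  # constructed sample input
    good = client_stretch("correct horse battery staple", rec["salt"])
    print("valid login:", verify(rec, good))
    # Replaying the stored verifier as if it were the client hash fails,
    # which is what the single server-side round is for.
    print("replayed verifier:", verify(rec, rec["verifier"]))
```
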