by Aissen
1616 days ago
Thanks for sharing this, TIL. It's a very interesting attack, highly specific to the high number of breaches, high password reuse environment we're in that enables at-scale password cracking. I don't think it invalidates this advice completely. You should watch the talk and eventually add a global pepper (assuming it does not leak), and of course do the final bcrypt(md5(pass)) -> bcrypt(pass) migration upon user login.