by amalcon
4993 days ago
> if an attacker doesn't have the constituent encrypted chunks and/or the encryption key _for a valid time frame_

This reads an awful lot like "If the attacker has not actually compromised the gateway." After all, the gateway needs to either be able to encrypt the password or decrypt the hash to do its job. That means the gateway needs either the key, or access to an oracle that has the key. Either way, you're compromised.

The data sharding has some merit, if only because it's more difficult to simultaneously steal systems from multiple datacenters. I suppose at some level that becomes a concern, but that's roughly the level where you start hiring people with guns to protect your computers.