by qnr 4672 days ago
> Take the first 16 characters of bcrypt(username,site domain)

Hey, that's the very definition of security through obscurity ;)

Here's a thought experiment I use when estimating the security of similar password schemes: imagine you asked someone to come up with 1000 different mechanisms of generating passwords based on username and domain. Is your scheme likely to be among them? If yes, this means it provides less than 10 bits of security.