|
|
|
|
|
|
by mLewisLogic
4609 days ago
|
|
|
With sane defaults, bcrypted passwords are "worthless" in the hands of a casual attacker. Somebody would have to REALLY want to access your account and have SIGNIFICANT financial/computational resources to crack it. And that only gives them one password. Significant and independent work is required for each individual password. On the other hand, there's nothing stopping a developer from doing something really dumb like setting bcrypt iterations to 1. |
|
|
I _really_ hope that doesn't turn out to be the case here.