Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^8: Password strength calculation

by stonecolddevin (Vicar)
on Jan 25, 2012 at 17:42 UTC ( #949936=note: print w/ replies, xml ) Need Help??


in reply to Re^7: Password strength calculation
in thread Password strength calculation

I think you really nailed this one on the head, the "natural language" password idea (using a long phrase as your password) is a great, and solid, idea. I hadn't thought of the incremental delay after a password attempt, that's brilliant as well.

As for password encryption, I think I like bcrypt the best (checkout Crypt::Eksblowfish::Bcrypt).

Three thousand years of beautiful tradition, from Moses to Sandy Koufax, you're god damn right I'm living in the fucking past


Comment on Re^8: Password strength calculation
Re^9: Password strength calculation
by BrowserUk (Pope) on Jan 25, 2012 at 20:03 UTC
    I think I like bcrypt the best

    The paper appears to be very well thought through.


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    The start of some sanity?

      At first I thought this was a smart ass comment regarding my affinity for bcrypt, at which I chuckled heartily. On second read, I think you were actually referring to the bcrypt spec. This sold me on it: http://codahale.com/how-to-safely-store-a-password/

      Three thousand years of beautiful tradition, from Moses to Sandy Koufax, you're god damn right I'm living in the fucking past

        On second read, I think you were actually referring to the bcrypt spec.

        Indeed. I worked my way through this and found it to be very well thought out. And once you get passed the theory in the first section, very readable.


        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.

        The start of some sanity?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://949936]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (13)
As of 2014-12-19 20:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (91 votes), past polls