in reply to Adjust bcrypt cost to prevent future password hash attacks
If I read you correctly, your idea is to re-hash passwords every now and then as computers get faster, am I right? Assuming that I am, here's my question.
Once the hash of a password gets stored, we really no longer have an idea of what the actual password is. In an ideal world, even when the user tries to log in, a hash of his password is sent, and then the stored hash and the stored hash are compared to determine the successfulness of a login attempt.
Given this, how do you propose the password is re-hashed without having the original password to work from?
Re^2: Adjust bcrypt cost to prevent future password hash attacks
by andreas1234567 (Vicar) on Jun 12, 2012 at 18:21 UTC