[thelist] Login Screen Security
Joshua Olson
joshua at waetech.com
Wed Nov 12 12:58:17 CST 2003
From: <John.Brooking at sappi.com>
Sent: Wednesday, November 12, 2003 1:37 PM
> On the salt exposure problem: Even if the cracker can sniff the salt (now
> there's an image!), does it do him any good? It would certainly give him a
> much improved chance of guessing the password by running his guesses
through
> his own crypt function to positively identify a match with what he
sniffed.
> But he's still guessing passwords, so he's not any further ahead than if
he
> was guessing passwords at a regular login screen that submits via SSL,
> right? It *is* kind of shame to protect the salt so well on the server
side,
> only to expose it on the client, but if it doesn't hurt us, is that really
a
> problem?
It's good to see the thought processes at work.
<tip type="Noise Reduction" author="Joshua Olson">
Reducing the ambient noise generated by the PC may help reduce headaches and
hearing loss. Even at low volumes prolonged exposure to noise can cause
productivity loss and personal injury.
If you want to quite down your PC you may consider some hardware options
offered at the following:
http://www.endpcnoise.com/
</tip>
<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com
706.210.0168
More information about the thelist
mailing list