On Tue, Jun 7, 2011 at 9:36 AM, Phil Steitz <[email protected]> wrote: > need to tune for load, etc.; but slowing down logons via cpu > spinning is a terrible thing to do to web applications that > experience any kind of load. I wonder if there is a way to have > just one of these two evils - either cpu drain or connection / > throughput drag. IIUC the problem the slowing is trying to solve, > that could be accomplished by forcing some kind of time dependency > in the hashing algorithm itself without cpu drain. Is that possible > somehow?
Hi Phil, My response covered a bit, so I decided to break it out into a blog entry: http://www.katasoft.com/blog/2011/06/07/strong-password-hashing-part-2 Thoughts/comments welcome! Cheers, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
