Sorry, you got taught wrong. Security is about the whole system, not one piece. Hash based security is vulnerable during password exchange, which a slow hash doesn't fix.
Internet connections typically pass through a dozen routers, any of which could be configured to mount a man in the middle attack. The most important thing to get right is the security handshake. If that's weak, nothing else matters. On Monday, July 27, 2015, Jiří Činčura <[email protected]> wrote: > > Really? Could you explain why an authentication scheme whose primary > claim to fame is > > its high computational cost is a good choice for a database system that > needs to do > > hundreds of authentications per minute or second? > > I've been taught that the hashing function for passwords should be "slow". > Hence it makes brute force attacks harder, because the attacker needs to > wait for each attempt. > > -- > Mgr. Jiří Činčura > Independent IT Specialist > > > > ------------------------------------------------------------------------------ > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > -- Jim Starkey
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
