On Thu, Dec 23, 2010 at 12:01 AM, Joerg Sonnenberger <jo...@britannica.bec.de> wrote:
> On Wed, Dec 22, 2010 at 11:06:47PM +0100, Laurens Van Houtven wrote:
>> I was looking at
>> http://www.fossil-scm.org/index.html/doc/trunk/www/password.wiki and
>> worried about the case of a compromised repository. Why does Fossil
>> use SHA1 and not scrypt/bcrypt to store passwords?
>
> Positive: the passwords (if encrypted) are salted based on the project code
> and login name. So at least two users with the same password have
> different encrypted passwords.

If I understand correctly, the nonce (the project code part and the user name part) is known up front, so you wouldn't have to wait for a compromised repository. You'd need numusers*dictsize worth of space, which may be pretty large (perhaps too large to be feasible), but still nowhere near (2**nonce_bits)*dict_size, which is the number that backs the claim that nonces make (up-front) dictionary attacks infeasible. I'm not sure about the project code part (perhaps it has some random bits in it too, for which you'd actually need the real repository), am I correct about that being predictable?

> Joerg

cheers
lvh

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users