On 12/07/2017 12:01, Binarus wrote:

> Not sure about that. Similar to serious websites which don't store your
> password in clear text, but do store the password's hash instead, I
> would expect that banks don't store your PIN in clear text as well.

Even with a 6-digit PIN it would take an attacker *seconds* to brute force hashed PINs once he gets the hashed database. Salted hashes would multiply the needed time by the number of PINs (approx). So keeping such a database would be a really stupid thing to do -- unless it's kept in an HSM.

Passwords have a way larger key space (from 10^N for N digits of the PIN to 64^N or more for the passwords -- considering uppercase, lowercase, digits and symbols), hence salted hashes are quite secure.

BYtE,
Diego
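The key-space argument in the message above, worked through as an added example that is not part of the original post. It assumes SHA-256 as the hash and uses a constructed salt and PIN; the function names are hypothetical.

```python
import hashlib
import time

# Constructed sample values (not from the post).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PIN = "493817"


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted SHA-256 of a PIN (the hash choice is an assumption)."""
    return hashlib.sha256(salt + pin.encode()).digest()


def exhaust_pin_space(target: bytes, salt: bytes, digits: int = 6):
    """Walk all 10**digits candidates; return (pin, guesses_made)."""
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        if hash_pin(candidate, salt) == target:
            return candidate, n + 1
    return None, 10 ** digits


def keyspace(alphabet: int, length: int) -> int:
    """Number of possible secrets: 10^N for PINs, 64^N for passwords."""
    return alphabet ** length


def worst_case_seconds(alphabet, length, records, rate, salted):
    """Time to cover every record in a stolen table at `rate` hashes/s.

    Unsalted: one pass over the key space covers all records.
    Salted: one pass per record, so the cost scales with the record count.
    """
    passes = records if salted else 1
    return keyspace(alphabet, length) * passes / rate


if __name__ == "__main__":
    stored = hash_pin(SAMPLE_PIN, SALT)
    start = time.perf_counter()
    pin, guesses = exhaust_pin_space(stored, SALT)
    elapsed = time.perf_counter() - start
    rate = guesses / elapsed
    print(f"recovered {pin} after {guesses} hashes in {elapsed:.2f}s")
    print(f"6-digit PIN key space:   {keyspace(10, 6):,}")
    print(f"6-char 64-symbol space:  {keyspace(64, 6):,}")
    for salted in (False, True):
        secs = worst_case_seconds(10, 6, 100_000, rate, salted)
        print(f"100k PIN records, salted={salted}: {secs:,.0f}s at this rate")
```

The salt only changes how many passes are needed, not the size of each pass, which is why the stored verifier for a PIN belongs inside an HSM rather than in a database table.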