On 01/05/12 06:26, Charles Marcus wrote:
To prevent rainbow table attacks, salt your passwords. You can make them a little bit more difficult in plenty of ways, but salt is the /solution/.
Go read that link (you obviously didn't yet, because he claims that salting passwords is next to *useless*...
He doesn't claim that, but he's a crackpot anyway.
Use a slow algorithm (others already mentioned bcrypt) to prevent brute-force search, and use salt to prevent pre-computed lookups. Anyone who tells you otherwise can probably be ignored. Extraordinary claims require extraordinary evidence.
You realize they're just walking around with a $400 post-it note with the password written on it, right?
Nope, you are wrong - as I have patiently explained before. They do not *need* to write their password down.
They have them written down on their phones. If someone gets a hold of the phone, he can just read the password off of it.
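A worked illustration of the advice earlier in this thread (a slow algorithm against brute-force search, a salt against precomputed lookups), added here as an example and not code from anyone in the thread. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of the bcrypt others mentioned, purely so it runs without a third-party package; the wordlist, the iteration count and the storage format are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed attacker dictionary (assumption: a small stand-in for a real wordlist).
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "correct horse"]


def fast_unsalted(password: str) -> str:
    """The weak scheme: a single fast, unsalted SHA-256 over the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Attacker precomputes digest -> password once; the table works against every
    user of every site that uses the same unsalted scheme."""
    return {fast_unsalted(w): w for w in words}


def crack_with_table(table, digest: str) -> Optional[str]:
    """Cracking an unsalted hash is one dictionary lookup, no hashing at all."""
    return table.get(digest)


# Slow, salted scheme. ITERATIONS is illustrative; a real deployment tunes it
# to the hardware (or uses bcrypt/scrypt/argon2 as the thread suggests).
ITERATIONS = 100_000


def slow_salted(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Hash with a fresh random 16-byte salt and a deliberately slow KDF.
    The salt is stored alongside the digest; it is not a secret."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_slow_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(recomputed, bytes.fromhex(dk_hex))


def crack_salted_by_guessing(stored: str, words) -> Optional[str]:
    """Against a salted hash no table helps: the attacker must redo the full
    slow computation for every candidate, separately for every stored hash."""
    for w in words:
        if verify_slow_salted(w, stored):
            return w
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    alice = fast_unsalted("hunter2")
    bob = fast_unsalted("hunter2")
    print("unsalted: identical digests for identical passwords:", alice == bob)
    print("unsalted: cracked by lookup:", crack_with_table(table, alice))

    alice_s = slow_salted("hunter2")
    bob_s = slow_salted("hunter2")
    print("salted: identical passwords, different records:", alice_s != bob_s)
    print("salted: verify correct password:", verify_slow_salted("hunter2", alice_s))
    print("salted: attacker must guess per record:",
          crack_salted_by_guessing(alice_s, WORDLIST))
```

The two cracking functions make the cost difference concrete: with no salt the attacker pays for the dictionary once and then answers every query with a lookup, while with a salt each stored record costs a full pass over the dictionary at the KDF's slow rate. Neither property replaces the other, which is the point made in the thread.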