Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
apk17
on Dec 14, 2016
|
parent
|
context
|
favorite
| on:
New NIST password guidelines: don't require charac...
You make the modifications and store those hashes as well.
Can't have a new 'similar' algo for past pws, obviously.
xamuel
on Dec 14, 2016
[–]
If you store N variations, a random guess has N chances to hit one. Once an attacker knows a variation, they may be able to use it to narrow down on the real password.
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Can't have a new 'similar' algo for past pws, obviously.