This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] NWIs update
Nick Hilliard
nick at foobar.org
Wed Apr 10 12:32:44 CEST 2019
Gert Doering wrote on 10/04/2019 11:08:
> The attack vector against unsalted hashes is "rainbow tables"... make the
> API key something like 80 characters long, and no machine in the world
> can do anything but brute force.

which will work until the DB ends up on https://haveibeenpwned.com/

> But why store the API key anyway. Have it contain permissions plus a
> cryptographically sane signature, and all you need to know is "in the key".

Sounds like it would cause problems unless you maintained a key revocation list. Or unless you maintained salt-per-client in cleartext format, which doesn't sound like an improvement.

Nick
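An added example, not part of the original message or of any RIPE NCC code: a sketch of the self-contained signed API key discussed above, showing that a validly signed key is accepted until its id appears on a revocation list. The names `SERVER_SECRET`, `issue_key`, `verify_key` and the `payload.signature` layout are assumptions made for illustration.

```python
from __future__ import annotations
import base64, hashlib, hmac, json

# Constructed demo secret (assumption); a real one would live in a secret store.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_key(key_id: str, permissions: list[str]) -> str:
    """Return 'payload.signature'; the server stores nothing per key."""
    payload = json.dumps({"kid": key_id, "perms": sorted(permissions)},
                         separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"

def verify_key(token: str, revoked: set[str]) -> list[str] | None:
    """Return the granted permissions, or None if the key is rejected."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    # Constant-time comparison; the payload is only parsed after it verifies.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    # The signature alone cannot express "this key was withdrawn":
    # that state has to be kept server-side, as a revocation list.
    if claims["kid"] in revoked:
        return None
    return claims["perms"]

if __name__ == "__main__":
    token = issue_key("client-42", ["update", "read"])  # constructed sample
    print(verify_key(token, revoked=set()))          # accepted
    print(verify_key(token, revoked={"client-42"}))  # rejected once revoked
```

Without the `revoked` set, a leaked key stays valid until `SERVER_SECRET` itself is rotated, which invalidates every issued key at once.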