- From: Edward Z. Yang <edwardzyang@thewritingpot.com>
- Date: Tue, 30 Sep 2008 13:35:13 -0400
Michal Zalewski wrote: > Not really? I just need to rebuild my dictionary for that salt, but to > check against say a million or ten million of common domains, it > wouldn't be very expensive. And it's not very expensive to build such a > list of domains, too. In that case, you are certainly correct; adding a salt only hinders an attacker. But if we're worried about Origin giving away a secret intranet website, I think things should be reasonable. Of course, they can still dictionary brute-force it... (whoops, forgot to CC list)
Received on Tuesday, 30 September 2008 10:35:13 UTC