cro...@gmail.com: > As for the proposed strawman `p9sk3`, I fail to see what advantage > that would have over dp9ik
My point was only about the advantage of p9sk3 over p9sk1, not to compare it with anything else. The intent was to counter the implication that p9sk1 is terrible and completely broken, by suggesting that the threat of brute-forcing the entire keyspace can be mitigated with a small, local and very easy to understand variation to the ticket service (with no change to the protocol on-the-wire). Of course it doesn't mitigate the problem of users negligently choosing weak passwords. dp9ik has the extra advantage of doing that too, by removing the opportunity for offline dictionary attacks. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M86b283cc4c651efabdf9c3da Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
