On Thu, 28 Jan 2010 16:24:43 -0500 Roger <rno...@gmail.com> wrote: > What would be the consequence of having an algorithm that will > increase the amount of time needed to check the next password after a > failure.
The point of slowing down the algorithm is to protect against off-line attack where an attacker has gained access to a copy of master.passwd. Any hashing has to be done when the password is set, so it's fixed thereafter. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
