Making password databases impossible to steal

Discussion in 'privacy technology' started by Minimalist, Apr 21, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    http://www.net-security.org/secworld.php?id=18259
     
  2. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    From what is stated in the article, it sounds like the pool is shared by every system. What if a system admin from company A gets the PW database from company B? He can still run PW guesses against the pool since everyone has equal access. PW guessing would generate high traffic into the pool so, in theory, it would set off network monitoring alarms. As with everything else, security will depend on implementation.
    Of course the NSA will want to have a copy of the pool at their data center...
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    Yes it all depends on implementation. Admin from company A would probably get single password hash from company B but wouldn't know which company is this and also probably wouldn't know where to use it.
     
Loading...