[keycloak-dev] Password storage and KDFs
Bill Burke
bburke at redhat.com
Wed Jan 22 09:24:32 EST 2014
I'll accept your PR after I release tomorrow.
On 1/22/2014 9:00 AM, Bruno Oliveira wrote:
> Yes, Bill. Off the top of my head the common use case scenario would be that, an attacker in possession of some hashed passwords, could try to break it. Two examples:
>
> - MITM: I’m just collection the data into the network and once I know that: Bob and Alice has the same hash, if you are doing SHA-* is easy to guess that they have the same password.
> - Database compromised: Like happend with LinkedIn (http://www.zdnet.com/blog/btl/6-46-million-linkedin-passwords-leaked-online/79290) and you already mentioned.
>
> --
> abstractj
>
> On January 22, 2014 at 11:55:12 AM, Bill Burke (bburke at redhat.com) wrote:
>>> Question:
>>
>> How can they easily be broken? If somebody gets the password database?
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list