Timeline for Should password hashes be encrypted or HMACed?
Current License: CC BY-SA 3.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 17, 2017 at 10:46 | history | edited | CommunityBot | replaced http://security.stackexchange.com/ with https://security.stackexchange.com/ | |
| Aug 24, 2012 at 21:17 | comment | added | Stephen Touset | With all due respect, my question was not about authentication, but about protecting verifiers from offline attacks (e.g., the salt/password database being leaked). I understand that creating your own homemade constructs based upon secure cryptographic primitives can weaken or entirely defeat security through unintended and unintuitive means. Hence I further asked if there was precedent and/or research supporting this type of approach. | |
| Aug 24, 2012 at 21:00 | history | tweeted | twitter.com/#!/StackSecurity/status/239104978264932352 | ||
| Aug 24, 2012 at 20:30 | vote | accept | Stephen Touset | ||
| Aug 24, 2012 at 19:19 | comment | added | rook | encryption does not provide authentication. This question is erratic. | |
| Aug 24, 2012 at 18:27 | answer | added | Thomas Pornin | timeline score: 7 | |
| Aug 24, 2012 at 18:14 | history | asked | Stephen Touset | CC BY-SA 3.0 |