The Archives

  • 08.Dec.10
    The savannah.gnu incident and the Sibyl news, security | pfortuny | (0)
    The savannah.gnu.org compromise in December 2010 is another example of the weakness of system passwords: there will always be someone using a brute-force attackable key. And that is the weakest link. I just want to point out to all our readers out there that the Sibyl is precisely an idea to implement a secure way to store hashes of passwords and prevent brute-force attacks. It is not computationally cheap or even the simplest of setups, but security has a price. At least, it is, but for the hardware part, which depends on your implementation, 'gratis' and BSD-licenced. Hope you like it.