in reply to Re^5: Mind the meta! (case, DBs)
in thread Mind the meta!

For casual readers who may interpret your statement to mean decryptable passwords RFC:SHOULD be stored: only one-way encryption/hashing should be stored, e.g. Crypt::Eksblowfish::Bcrypt. Though new specialized hardware has made even that less secure than it was.

NO RAGRETS.
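A worked example of what the post recommends, added here and not taken from the original thread or the module's documentation: store nothing but a salted bcrypt string produced with Crypt::Eksblowfish::Bcrypt, and verify a candidate by re-hashing it with the salt and cost embedded in that string. It assumes /dev/urandom is available for salt bytes; the sample password is constructed.

```perl
#!/usr/bin/env perl
# Added example (not from the original post): store a password only as a
# salted bcrypt hash with Crypt::Eksblowfish::Bcrypt, then verify a candidate.
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Assumption: /dev/urandom supplies the 16 random salt bytes bcrypt requires.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read $fh, my $salt, 16;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    close $fh;
    return $salt;
}

# Build a self-describing "$2a$<cost>$<salt><hash>" string; only this is stored.
# cost is the log2 work factor; raise it as cracking hardware gets faster.
# Note: bcrypt only uses the first 72 bytes of the password.
sub hash_password {
    my ($password, $cost) = @_;
    $cost //= 12;
    my $settings = sprintf('$2a$%02d$%s', $cost, en_base64(random_salt()));
    return bcrypt($password, $settings);
}

# Compare in constant time so the check does not leak where the strings differ.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Re-hash the candidate with the salt and cost parsed from the stored string;
# the password itself is never stored or decrypted.
sub verify_password {
    my ($candidate, $stored) = @_;
    return constant_time_eq(bcrypt($candidate, $stored), $stored);
}

my $stored = hash_password('correct horse battery staple');   # constructed sample
print "stored: $stored\n";
print "right password: ", (verify_password('correct horse battery staple', $stored) ? 'ok' : 'FAIL'), "\n";
print "wrong password:  ", (verify_password('Correct Horse Battery Staple', $stored) ? 'FAIL' : 'rejected'), "\n";
```

The second check shows that a case-changed candidate is rejected because the hash is computed over the exact bytes; folding case before hashing is what the replies below argue about.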

Re^7: Mind the meta! (case, DBs)
by Anonymous Monk on Mar 04, 2016 at 16:09 UTC

    Really, of all options, it is Bcrypt that you would endorse?

    I'd take properly salted&hashed, folded passwords any day over this, for example. There's nothing inherently wrong with caseless passwords.

      Case-insensitive passwords diminish complexity. It means abcdefgh matches not one password but 256 of them. The cracker has less work. I find that inherently wrong.

        Make your password longer then? It's about entropy, not the symbol set. In practice, one could remember to "put a dot before uppercase", or some other encoding notion (hitting shift does not save on keystrokes either). One might be able to memorize longer passwords when the case is unimportant. And the "horse staple battery" thing? It's essentially Chinese block characters, spelt out in English. You have no convincing argument.

        Remembered pass phrases are not well suited for strong access protection. Slow to enter and hard to remember.