Passwords

Two questions on passwords:

  1. Can I/will I be able to change my password?
  2. Is the system/will the system be protected against brute force attack on user passwords?

Comments

  • Change password feature is long overdue. I need to add this to both desktop and mobile versions.

    FYI, this feature is slightly complicated (which is why it's not there already). It needs to decrypt everything with the old password and re-encrypt it with the new password. Also your other devices need to (somehow) be notified that the password has been changed and prompt for input.

    For brute force, you should be covered already through the use of key stretching. I use bcrypt hash (https://en.wikipedia.org/wiki/Bcrypt). Some people use PBKDF2. I'm not sure which is better.

    However, I would say not to use a really simple password like a dictionary word or a name.

    Here's how I make my passwords:

    I pick two or three random words (e.g. car, banana, pig) and add a digit.

    So it might be "bananacarpig8".

    I like this method because it's a bit easier to remember and a quick calculation of the permutations goes as follows:

    Assume a word pool of, say, 10000 words (common nouns, for example). Total combinations of 10000^3*10 = 10^16. With key stretching a fast machine could do, say, 10 a second. That's 10^15 seconds.

    Which works out to over 30 million years.
