Reply to post: Re: Dunce Cap tip

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?


Re: Dunce Cap tip

> However you can also be pretty confident they're not hashing them -
> these systems are old and would have balked at the space constraints
> implied by hashing + salting all the partial password combinations.

Hopefully we can be sure they're not protecting the password by hashing the partial combinations because it's a poor idea. Trivial to recover the partial password given the hash, 24-bit exhaust at most for a three-character partial.
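The arithmetic behind the exchange above, as an added example that is not part of the original thread: it builds the per-combination table the quoted post imagines and shows why salting each entry does not widen a three-character search space. The salted SHA-256 layout, the 36-symbol alphabet, the function names and the sample password are all assumptions constructed for illustration.

```python
import hashlib
import itertools
import math
import os
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed charset: 36 symbols


def partial_hash(salt: bytes, positions: tuple, chars: str) -> bytes:
    """Assumed scheme: SHA-256 over salt, the position indexes and their characters."""
    return hashlib.sha256(salt + bytes(positions) + chars.encode()).digest()


def build_table(password: str, k: int = 3) -> dict:
    """One independently salted hash for every k-position combination."""
    table = {}
    for positions in itertools.combinations(range(len(password)), k):
        salt = os.urandom(16)
        chars = "".join(password[i] for i in positions)
        table[positions] = (salt, partial_hash(salt, positions, chars))
    return table


def storage_bytes(length: int, k: int = 3, salt_len: int = 16, digest_len: int = 32) -> int:
    """Space needed for the whole table: C(length, k) entries of salt + digest."""
    return math.comb(length, k) * (salt_len + digest_len)


def exhaust(salt: bytes, positions: tuple, target: bytes, k: int = 3):
    """Walk the whole k-character space; the salt is stored beside the hash,
    so it adds nothing to the number of candidates to try."""
    for attempts, cand in enumerate(itertools.product(ALPHABET, repeat=k), 1):
        chars = "".join(cand)
        if partial_hash(salt, positions, chars) == target:
            return chars, attempts
    return None, len(ALPHABET) ** k


if __name__ == "__main__":
    password = "s3cretpw"  # constructed sample value
    table = build_table(password)
    print("entries:", len(table), "bytes:", storage_bytes(len(password)))
    salt, digest = table[(1, 4, 7)]
    chars, attempts = exhaust(salt, (1, 4, 7), digest)
    print("recovered", repr(chars), "after", attempts, "of", len(ALPHABET) ** 3)
    print("upper bound for three arbitrary bytes:", 256 ** 3, "= 2**24")
```

The table for an 8-character password is only 56 entries, and each entry falls to at most 46,656 guesses under the assumed alphabet, or 2**24 if every byte value is allowed.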


Biting the hand that feeds IT © 1998–2019