[OWASP_PHPSEC] For the love of bcrypt

rahul chaudhary rahul300chaudhary400 at gmail.com
Tue Sep 17 19:38:14 UTC 2013


But as suggested in the comments....if you will check for lengths of
password in the server side also, then it can be thwarted. So, is this
really a problem...if yes, how ??


On Mon, Sep 16, 2013 at 7:04 PM, Abbas Naderi <abiusx at owasp.org> wrote:

>
> http://arstechnica.com/security/2013/09/long-passwords-are-good-but-too-much-length-can-be-bad-for-security/
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
>
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130917/8a85c351/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list