Merge branch 'master' of https://github.com/Saguine/no-java.git
This commit is contained in:
Dave
@@ -38,9 +38,9 @@ a session if data has been changed, as changes can only be saved when the user i
|
|||||||
|
|
||||||
## Things to consider
|
## Things to consider
|
||||||
|
|
||||||
- With SHA-512 hashes taking up 64 bytes of storage, it's possible to accomodate a million accounts in under 64MB.
|
- With SHA-512 hashes taking up 64 bytes of storage, it's possible to accomodate a million accounts in just 64MB.
|
||||||
- When considering multiple servers with multiple backup points, it's possible to simply make the hash database public,
|
- When considering multiple servers with multiple backup points, it's possible to simply make the hash database public,
|
||||||
masking transfers to backup servers by crowdsourcing false leads.
|
masking transfers to backup servers by crowdsourcing false leads.
|
||||||
- A correctly implemented no- system would still be vulnerable to a stealthy server compromise; that is, a server known to use the no- system is
|
- A correctly implemented no- system would still be vulnerable to a stealthy server compromise; that is, a server known to use the no- system is
|
||||||
compromised and changes the layer which implements such, saving data somewhere else when users log in.
|
compromised and changes the layer which implements such, saving data somewhere else when users log in.
|
||||||
- Even considering the above, a stealth compromised server never gives information about the users who have not logged in.
|
- Even considering the above, a stealth compromised server never gives information about the users who have not logged in.
|
||||||
|
|||||||
Reference in New Issue
Block a user