Dave
2015-01-31 22:13:23 +02:00

@@ -38,9 +38,9 @@ a session if data has been changed, as changes can only be saved when the user i
## Things to consider ## Things to consider
- With SHA-512 hashes taking up 64 bytes of storage, it's possible to accomodate a million accounts in under 64MB. - With SHA-512 hashes taking up 64 bytes of storage, it's possible to accomodate a million accounts in just 64MB.
- When considering multiple servers with multiple backup points, it's possible to simply make the hash database public, - When considering multiple servers with multiple backup points, it's possible to simply make the hash database public,
masking transfers to backup servers by crowdsourcing false leads. masking transfers to backup servers by crowdsourcing false leads.
- A correctly implemented no- system would still be vulnerable to a stealthy server compromise; that is, a server known to use the no- system is - A correctly implemented no- system would still be vulnerable to a stealthy server compromise; that is, a server known to use the no- system is
compromised and changes the layer which implements such, saving data somewhere else when users log in. compromised and changes the layer which implements such, saving data somewhere else when users log in.
- Even considering the above, a stealth compromised server never gives information about the users who have not logged in. - Even considering the above, a stealth compromised server never gives information about the users who have not logged in.
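
Review bot: The storage figure in the changed SHA-512 bullet is unit-sensitive, and the new wording "in just 64MB" does not settle it. 1,000,000 × 64 bytes is 64,000,000 bytes, which is exactly 64 MB in decimal units and roughly 61 MiB in binary units, so the old "under 64MB" and the new "just 64MB" are each correct under only one reading. Suggest naming the unit, for example "about 64 MB (61 MiB) of raw digests", which also makes clear the number counts only the 64-byte hashes themselves. Since the line is being touched anyway, "accomodate" should become "accommodate" in the same change.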