25 Jul
2006
25 Jul
'06
12:40 p.m.
On Jul 25, Max Tulyev <president@ukraine.su> wrote:
My view: When arguing about security vulnerabilities it is a good idea to provide a threat model explaining exactly how much the current system is insecure. I have not seen one, and I object to implementing all this without a clear analisys of why wisely chosen MD5-hashed passwords are not secure enough when the hashes are publically disclosed. Especially considering that people who want an higher level of security can already use PGP or X.509 authentication and are not be vulnerable.
-- ciao, Marco