[messaging] Peerio
Trevor Perrin
trevp at trevp.net
Sat Feb 28 16:58:47 PST 2015
On Sat, Feb 28, 2015 at 4:12 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Sat 2015-02-28 20:46:12 +0100, Trevor Perrin wrote:
>> If the attacker spread his bets he'd do better. For example, the
>> milllion-dollar attacker could try a billion common phrases against a
>> thousand accounts. Specialized hardware would be even more efficient.
>
> it's not just testing against a thousand accounts, it's testing against
> *all* accounts, including future ones.
No, because the password hashes are salted: miniLock asks for your
email address, Peerio uses the user ID.
So work has to be repeated against different users.
Trevor
More information about the Messaging
mailing list