[messaging] Peerio

Trevor Perrin trevp at trevp.net
Sat Feb 28 16:58:47 PST 2015

On Sat, Feb 28, 2015 at 4:12 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Sat 2015-02-28 20:46:12 +0100, Trevor Perrin wrote:
>> If the attacker spread his bets he'd do better.  For example, the
>> milllion-dollar attacker could try a billion common phrases against a
>> thousand accounts.  Specialized hardware would be even more efficient.
> it's not just testing against a thousand accounts, it's testing against
> *all* accounts, including future ones.

No, because the password hashes are salted: miniLock asks for your
email address, Peerio uses the user ID.

So work has to be repeated against different users.


More information about the Messaging mailing list