
Without a limit on password length, an attacker can DoS you by forcing you to run your KDF on gigabyte-sized strings.


Giga byte sized strings?

Oh, no. That doesn't make sense. You need to limit by Giga grapheme strings.


They're only denying service to themselves if you run the KDF locally.



