JayF | https://review.opendev.org/c/openstack/keystone-specs/+/915482 security-interested folks might wanna take a gander at this | 15:49 |
---|---|---|
fungi | looking it over, it seems reasonably well thought-out | 16:22 |
fungi | using a kdf and severely truncating the result should be safe enough for logging purposes anyway | 16:23 |
JayF | oh, the use case just clicked | 16:41 |
JayF | differentiating between "I changed a password and have my old one in 1000 places" and "someone is trying to brute force" | 16:42 |
fungi | yeah, "someone is trying lots of different passwords for the same account" in which case the truncated hash would vary wildly | 16:44 |