Anonymous user
Template:User committed identity/doc: Difference between revisions
→Choosing a good secret string
(→Syntax: +) |
|||
Line 34:
# Your secret string should not be short. A dedicated attacker could, by brute force, try short strings until they find your secret string, but if your string is longer that attack would be impractical. If your string is 15 characters long, there are around 10<sup>27</sup> strings of that length, or an [[en:octillion]] (and that's just counting alphanumeric strings with spaces).
# Your secret string should not only contain an email address, name or phone number, but should contain hard to guess components. "jsmith@hotmail.com" for example may be vulnerable to both [[en:dictionary attack]]s and a search of email addresses, enabling attackers to check 'only' those hundred million names against all published hashed identities, which is computationally much easier than trying to identify a randomly chosen string.
<templatedata>
{
"params": {},
"format": "inline"
}
</templatedata>
=== <includeonly>Heading text</includeonly><div class="references-small"> ===
=== Getting the hash ===
| |||