Quote:
Originally Posted by
Corona688
That only matters when you've swiped someone's shadow file though. If they have to brute-force your login, most systems will slow down failed logins severely.
Well, that is exactly what I said in my first post, that the issue is when someone steals the password file (what ever kind it is), my post was:
Quote:
One reason is that if someone steals the password file with all the encrypted passwords , it is easy to crack weak passwords. So, imagine a business with 20,000 customers and someone steals the password file. It would be easy for a criminal to run a brute force exploit (attack) against the encrypted passwords in the password file, and then subsequently compromise the accounts.
And in reality, this is what happens. A password file or database full of passwords (encrypted) are stolen; this can also include encrypted credit card information and other confidential data.
The same is also true for encrypted WIFI keys, which can be stored as encrypted text and then later on, a brute force attack is applied against those passwords; so the exploit is first gathering the data (encrypted text) and later running an attack against the ciphertext.