Ask HN: Could online services "flood the zone" of compromised password lists?
What if a majority of online services agreed to all create a lot of fake user profiles in their databases that have random string passwords? Then, when a service gets compromised and passwords are leaked, there are a bunch of useless passwords in the published leak mixed in with the real passwords that might be re-used on other sites.
Is there a ratio of fake passwords to real ones that would result in a brute force attack using such a poisoned list being too expensive? Would that ratio result in performance overhead when real users login?
0 comments
[ 1.5 ms ] story [ 9.5 ms ] threadNo comments yet.