When cracking passwords attackers don't just use brute force. The most effective attacks are ones that exploit human patterns such as leet replacements, capital first letter, punctuation at the end, etc. Concatenated…
nowjs has no concept of security.
It's not possible. What's possible is using a browser extension to verify some of the essential javascript and use that javascript to do further verification.
What I meant by that is that a brute force offline attack will always succeed if your password is easily guessable regardless of what hashing or password verification protocols are used.
I also have doubts about the effectiveness of their security, so I'd like to challenge that part of the statement too.
I know these guys have good intentions, but they seem confused about the guarantees that SRP provides. It does allow the server to verify the user's password without receiving it, but it doesn't help in any was against…
> Download the nginx secure key to verify the package > >cd /tmp/ >wget http://nginx.org/keys/nginx_signing.key Verify a package with a key you got over http? Am I the only one who noticed this?
When cracking passwords attackers don't just use brute force. The most effective attacks are ones that exploit human patterns such as leet replacements, capital first letter, punctuation at the end, etc. Concatenated…
nowjs has no concept of security.
It's not possible. What's possible is using a browser extension to verify some of the essential javascript and use that javascript to do further verification.
What I meant by that is that a brute force offline attack will always succeed if your password is easily guessable regardless of what hashing or password verification protocols are used.
I also have doubts about the effectiveness of their security, so I'd like to challenge that part of the statement too.
I know these guys have good intentions, but they seem confused about the guarantees that SRP provides. It does allow the server to verify the user's password without receiving it, but it doesn't help in any was against…
> Download the nginx secure key to verify the package > >cd /tmp/ >wget http://nginx.org/keys/nginx_signing.key Verify a package with a key you got over http? Am I the only one who noticed this?