RT @bascule @tqbf @Walshman23 @typed that's like saying use MD5 for pswd storage requires good salt mgmt < You crackin' HMAC-SHA256? LOL
Replying to @manicode
@manicode @tqbf @Walshman23 @typed if I know the key, and it's a HMAC of a low entropy string, sure
Replying to @bascule
@bascule @tqbf @Walshman23 @typed Yup! If you have the HMAC key you are just hash cracking. This depends on key management/crypto isolation.
Replying to @manicode
@manicode @tqbf @Walshman23 @typed if your password database and key are ever compromised, it would be extremely easy to brute force
Replying to @bascule
@bascule @tqbf @Walshman23 @typed I agree which is why I suggest HSM or an isolated server for the HMAC. This is only for massive scale.
Replying to @manicode
@manicode @tqbf @Walshman23 @typed scaling a proper PHF on app servers is going to be a hell of a lot easier than scaling HSMs
Replying to @bascule
@bascule @tqbf @Walshman23 @typed HSMs scale for shite (you get it). But you can isolate the HMAC process at scale.
Replying to @manicode
@manicode @tqbf @Walshman23 @typed unless it's all HSMs it's risk. Also we've "scaled" HSMs... it's hard: http://www.slideshare.net/diogomonica/bletchley …
Replying to @bascule
@bascule What an epic presentation and security architecture. http://www.slideshare.net/diogomonica/bletchley …