Someone has been hacked:
https://bitcointalk.org/index.php?topic=1546435.0I've also seem to have been hacked. So I started a new life.
According to:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#Use_a_cryptographically_strong_credential-specific_salt and:
https://www.keylength.com/ I'm reasonable to assume I've used a strong enough password for this time and age - on a properly configured forum.
Password strength requires two components:
- The service provider to use appropriate password hashing schemes. See the OWASP.org link.
- The user to use a password of appropriate entropy for the time and age. See the KeyLength.com link.
If your user doesn't want to be hacked on your forum, how many bits of entropy should his password consist of, according to your algorithm and the rules of math?
