Thought experiment:

What if a data breech of stolen user names and passwords in plain text wasn't a jackpot.

Assuming one had a large enough user base. Plus one purposely saved everything in clear text. Then one implements an algorithm that saves each user's name and password in different locations. E.g. user `x` has password `y` and user `y` has password `z`, etc.

Thus if the database ever got leaked, although it looks like you received a gold mine, you only got a gotcha.

Additional algorithm/procedural alterations would be to mix up the pairs in arbitrary time intervals. Or it could be a fluid database that is constantly changing.

@barefootstache Ok well now you can bruteforce every single user account.
Follow

@wildgoose @2ck

Salting the password would solve the brute force attack, though it goes against the given parameters of the experiment.

Wondering if let's say the algorithm uses other parameters like `createAt` or `updateAt` as check parameters to give full authorization.

Or if the IP address is saved in some shape and any suspicious activity needs to be confirm via email.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.