

Passwords are dead - paupino_masano
http://pcidss.wordpress.com/2013/02/04/passwords-are-dead-a-collaborative-research-effort-being-presented-at-rsa-2013-p1/

======
csense
I stopped reading when the author revealed his cluelessness about the
appropriate countermeasure for rainbow tables:

> There exists databases FULL of every single password hash (for each type of
> encryption / hash approach) that can be compared against recovered passwords
> – think 2 excel tables .. search for hash in column A and find real world
> password in column B.

This is a good description of the attack vector, and the fact that this attack
vector exists is why any modern application should hash each user's password
with a different salt when storing it in the database.
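The per-user salt the comment calls for, as an added example that is not from the thread or the linked post: a constructed unsalted lookup table stands in for the "column A / column B" attack, and a salted, iterated store is shown beside it so the same precomputed table no longer matches. The password list, the PBKDF2 round count and the `algo$rounds$salt$digest` storage format are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed sample: a tiny precomputed table of unsalted SHA-256 digests,
# i.e. the "column A = hash, column B = password" lookup from the post.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def unsalted_hash(password: str) -> str:
    """The weak scheme: a bare, unsalted digest of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


UNSALTED_TABLE: Dict[str, str] = {unsalted_hash(pw): pw for pw in COMMON_PASSWORDS}


def lookup_unsalted(stored_hex: str) -> Optional[str]:
    """Column-A -> column-B lookup: recover a password from an unsalted hash."""
    return UNSALTED_TABLE.get(stored_hex)


def crack_with_table(stored_hashes: Iterable[str]) -> Dict[str, str]:
    """Run the table over a dumped column of stored values; returns the hits."""
    return {h: UNSALTED_TABLE[h] for h in stored_hashes if h in UNSALTED_TABLE}


# Assumed work factor; tune per deployment. Salting defeats the shared table,
# the iteration count is what slows a brute force against one user's hash.
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'pbkdf2_sha256$rounds$salt_hex$digest_hex' with a fresh 16-byte salt.

    Each call without an explicit salt yields a different string for the same
    password, so no single precomputed table covers all users.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and round count; constant-time compare."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, rounds, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Unsalted store: one table cracks every user who picked a common password.
    dump = [unsalted_hash("letmein"), unsalted_hash("qwerty")]
    print("unsalted dump cracked:", crack_with_table(dump))

    # Salted store: two users with the same password get unrelated records,
    # and neither digest appears in the precomputed table.
    alice, bob = hash_password("letmein"), hash_password("letmein")
    print("records differ:", alice != bob)
    print("table hit on salted digest:", lookup_unsalted(alice.split("$")[3]))
    print("login ok:", verify_password("letmein", alice))
```

The salt is stored in the clear next to the digest; it is not a secret, its job is only to make every user's hash an independent target. The `hmac.compare_digest` call avoids leaking how many leading bytes of the digest matched through timing.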

