If you've stretched a password so much that checking even one attempt takes a while, provide a UI so that the user can type a second (or more) attempt while a previous one is still computing. This eases the pain of typos and "I forgot which password I use here".
You are limited by the number of cores but modern computers have many. Possibly also by memory if you are using a memory-hard password hashing function.
Typos also could be mitigated by having the user type the password multiple times and checking that they match before hashing.
No comments :
Post a Comment