You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was wondering if anyone could share some best practices for password hashing when writing an OPCUA server (with authentication and encryption enabled) to prevent brute force attacks.
For instance, if I use bcrypt with default parameters, it takes around 200ms on my machine to compare the user provided password against the valid hash. Meaning OPCUA clients would take at least that time to establish a connection, which may be somewhat a lot in the context of real time system. Or is this OK in your opinion?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello,
I was wondering if anyone could share some best practices for password hashing when writing an OPCUA server (with authentication and encryption enabled) to prevent brute force attacks.
For instance, if I use bcrypt with default parameters, it takes around 200ms on my machine to compare the user provided password against the valid hash. Meaning OPCUA clients would take at least that time to establish a connection, which may be somewhat a lot in the context of real time system. Or is this OK in your opinion?
Beta Was this translation helpful? Give feedback.
All reactions