this post was submitted on 02 Aug 2023
88 points (94.9% liked)
Interesting
555 readers
1 users here now
- Be respectful to other members Treat others with kindness and courtesy, even if you disagree with their opinions.
- Stay on topic Keep your discussions relevant to the purpose of the forum. Avoid going off-topic or derailing conversations.
- No spamming Avoid posting irrelevant or unnecessary content, advertisements, or links to unrelated websites.
- Use proper language and tone Choose your words carefully when commenting or replying to others. Avoid using profanity or engaging in offensive language and personal attacks.
- Do not share personal information Protect your privacy by refraining from sharing personal details such as addresses, phone numbers, or email addresses on the forum.
- Report any issues If you come across any inappropriate behavior or content, report it to the forum moderators or administrators.
- Have fun and contribute positively Participate actively and add value to the discussions. Engage in meaningful and constructive conversations with fellow members.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The hashing algoritm is important though. I recently had to design some password hashing system and associated parameters. My work laptop can do a couple dozen million md5 attempts a second no problem. It's like a factor of 100 - 1000 slower than this sheet. Not bad overall.
However, using the right hashing algorithms with good tuning such as key derivation rounds and hashing rounds and such can slow that thing down to 2 or 3 attempts per second. Even if you had some system a million times faster than my CPU (at which point the NSA will make you offers and you should take them, or else), you won't break those passwords given their hash. You wouldn't even break them if they were simple random lower + upper case sequences of low length.