by aj-code 3639 days ago
This is a good overview of how hackers actually crack hashes if anyone is interested. https://www.trustedsec.com/june-2016/introduction-gpu-passwo...

The other things to take into account:

Code complexity, quality, and cost of ownership. Rolling your own scheme when mature and well-tested code already exists is generally something to be avoided, especially when crypto is involved.

Force multipliers. Your server is probably using a CPU to calculate hashes, while hackers are using at least GPUs and possibly FPGAs or other hardware, which are hugely faster than your CPU. So yes, while you can use any cryptographic hash with enough rounds to make high quality passwords unlikely to be cracked, using a password-specific algorithm correctly will greatly reduce the advantage hackers have. This makes more of your users' passwords unlikely to be cracked.