Hacker News
by ceejayoz 3266 days ago
> That is a terrible idea because agencies like the NSA or GCHQ with unfathomable resources and techniques will crack them and never tell anyone.

Chances are they already have 'em, from a compromised employee, a zero-day exploit, or a SQL injection hole. Far more likely than them having cracked bcrypt.

I doubt they have exploited every single password DB in existence.
Given what we know about older techniques, it's safe to assume that many intelligence agencies hold zero-days for most popular network and server gear. From my personal experience interacting with some of the people who use these tools, exploiting networks is neither free nor particularly difficult.
If they want it, they can get it.
That's still a better status quo than passively having access to all of it.