|
|
|
|
|
|
by e12e
2202 days ago
|
|
|
No, the purpose of the hash is to be able to verify a password. It has to be reasonably quick - it's in the login path. This is different from a public key - its unfeasible to derive a secret key from a public key. Its by design trivial to verify a correct password guess against a salted hash. In general, you won't have a lot of candidate secret keys to try against public keys - but all you need to get candidate passwords is to offer up a service that "check if your password is secure/compromised/etc". You might not crack root@box,but can easily verify that you have access to ceo@box... |
|
|