by woliveirajr
1942 days ago
If I understood correctly, the points are:

- using longer passwords (or salts) is better than increasing the number of rounds
- having the same database on different devices (top-CPU x older cellphone) has an impact on performance for the user but not for the attacker (as powerful hardware will be used)

Seems fair, for the average user. And the top user will prefer a longer password anyway.

The best most people can remember as a password is some variation on common words and their date/place of birth.
Hence it doesn't matter what algorithms a database is using; a computer will crack most passwords very effectively, provided with common words and minimal rules.
The only solution to secure against cracking is to have way more complicated passwords (very long), but people can't remember them.